Problem mit selbstständigen øffnen neuer Tabs und Popups (Reimage) im google chrome

syldron · 18.03.2016, 19:21

Hallo,

ich hab mir offensichtlich irgendwas bøses eingefangen. Ich weiss weder wie noch wo, aber seit heute morgen kann ich meinen Laptop nicht mehr wirklich benutzen. Ich hab windows 8 und surfe mit chrome.
Eigentlich hab ich Adblock aktiviert, aber seit heute morgen hab ich ständig irgendwelche popups auf dem Schirm und es øffnen sich ständig eigenständig lauter neue Tabs mit irgendwelchen Casinokram oder Reimage.

Das erste was mir aufgefallen ist, ist das ich beim Adblock auf einmal gar nix mehr einstellen kann, das Tool reagiert auf nix.

Dann hab ich ein bisschen gegooglet und aufgrund der Suchergebnisse erst mal versucht Reimage aus den Programms zu løschen. Das klappte dann schon mal nicht, weil in der Programmliste nix mit Reimage zu finden war.
Darüber hinaus hab ich noch chrome auf Standarteinstellungen zurück gestellt.

Dann hab ich ADW Cleaner und revo runter geladen und laufen lassen. Darüber hinaus hab ich noch Malwarebytes anti malware, welches eh schon installiert war, laufen lassen.
Leider ist das Problem immer noch da.

Wann immer ich ein neues tab øffne bekomme ich eine Warnung von Malewarebytes angezeigt, das eine seite blockiert wurde. Domåne ist m55.dnsqa.me , ip 82.163.143.92, port 49859, type outbound

Kønnt ihr mir helfen?

M-K-D-B · 18.03.2016, 21:30

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Bitte alle Logdateien von AdwCleaner und MBAM mit den Funden posten!

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdateien von AdwCleaner und MBAM,
die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

syldron · 19.03.2016, 18:30

ok, dann versuche ich das mal. hier loggfile von mbam

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Skannedato: 19.03.2016
Skannetid: 03:36
Loggfil: 
Administrator: Ja

Versjon: 2.2.0.1024
Malwaredatabase: v2016.03.18.06
Rootkitdatabase: v2016.03.12.01
Lisens: Prøveversjon
Malwarebeskyttelse: Aktivert
Ondsinnet Nettsidebeskyttelse: Aktivert
Selvbeskyttelse: Deaktivert

OS: Windows 8.1
CPU: x64
Filsystem: NTFS
Bruker: Hein

Skannetype: Trusselskann
Resultat: Fullført
Objekter skannet: 387636
Tid brukt: 6 min, 25 sek

Minne: Aktivert
Oppstart: Aktivert
Filsystem: Aktivert
Arkiv: Aktivert
Rootkits: Deaktivert
Heuristikk: Aktivert
PUP: Aktivert
PUM: Aktivert

Prosesser: 0
(Ingen ondsinnede elementer funnet)

Moduler: 0
(Ingen ondsinnede elementer funnet)

Registernøkler: 0
(Ingen ondsinnede elementer funnet)

Registerverdier: 0
(Ingen ondsinnede elementer funnet)

Registerdata: 0
(Ingen ondsinnede elementer funnet)

Mapper: 0
(Ingen ondsinnede elementer funnet)

Filer: 0
(Ingen ondsinnede elementer funnet)

Fysiske sektorer: 0
(Ingen ondsinnede elementer funnet)


(end)

und dieses hier

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Scheduler, Malware Database, 2016.3.18.4, 2016.3.18.6, 
Protection, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Detection, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50343, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50343, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 00:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50344, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 00:28, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50357, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 00:29, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50374, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 00:29, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50375, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 00:56, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50651, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 00:59, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50672, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 01:18, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50862, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 01:18, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50863, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 01:18, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50864, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 01:19, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50972, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 01:19, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 51011, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 01:19, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 51045, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:07, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52016, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:07, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52017, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:07, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52018, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:08, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52049, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:08, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52050, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:08, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52051, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:08, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52053, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:08, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52054, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:08, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52055, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52875, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52893, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52971, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52972, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52973, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52974, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52975, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52979, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52980, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52984, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52985, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 52986, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:52, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 53184, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:52, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 53185, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:52, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 53190, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:52, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 53191, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:52, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 53192, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 02:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 53310, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 03:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 53986, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Scan, 19.03.2016 03:42, SYSTEM, RECHENSCHLAMPE, Context, Start: 19.03.2016 03:36, Varighet: 6 min 25 sek, Trusselskann, Fullført, 0 Malwareidentifiseringer, 0 PUP/PUM-identifiseringer, 
Detection, 19.03.2016 03:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 54295, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 03:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 54295, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 03:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 54296, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 03:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 54297, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 03:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 54300, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 03:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 54420, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 04:27, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 54743, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 19.03.2016 04:53, SYSTEM, RECHENSCHLAMPE, Scheduler, Malware Database, 2016.3.18.6, 2016.3.19.1, 
Protection, 19.03.2016 04:53, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 19.03.2016 04:53, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 19.03.2016 04:53, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 19.03.2016 04:54, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 19.03.2016 04:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 19.03.2016 04:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Detection, 19.03.2016 04:56, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55130, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 04:56, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55130, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 04:56, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55131, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 04:56, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55132, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 04:56, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55134, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 04:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55190, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 04:59, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55208, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 04:59, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55209, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 19.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Scheduler, Malware Database, 2016.3.19.1, 2016.3.19.2, 
Protection, 19.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 19.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 19.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 19.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 19.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 19.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Detection, 19.03.2016 09:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55354, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 09:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55354, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 09:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55355, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 09:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55359, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 09:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55360, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 09:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55361, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 09:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55372, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 09:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55373, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 09:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55374, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 12:30, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55576, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 12:30, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55577, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 12:30, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55617, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 12:30, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55618, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 12:50, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55827, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 12:50, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55840, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 12:52, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 55971, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:06, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56147, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 19.03.2016 14:06, SYSTEM, RECHENSCHLAMPE, Scheduler, Malware Database, 2016.3.19.2, 2016.3.19.3, 
Protection, 19.03.2016 14:06, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 19.03.2016 14:06, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 19.03.2016 14:06, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 19.03.2016 14:07, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 19.03.2016 14:07, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 19.03.2016 14:07, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Detection, 19.03.2016 14:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56373, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56374, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:36, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56373, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56430, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56431, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56432, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56438, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56439, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56443, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56444, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56445, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56454, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56462, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56463, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56497, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56501, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56502, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56503, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56504, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56505, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56517, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56532, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:43, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56559, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:43, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56570, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56575, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56576, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56577, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56578, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56590, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56602, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56603, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56604, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56620, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:45, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56631, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:46, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56654, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:47, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56659, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:47, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56665, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:47, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56671, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56675, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56683, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56684, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56688, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56689, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56690, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56710, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56711, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56720, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56721, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 14:49, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56722, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 19.03.2016 14:54, SYSTEM, RECHENSCHLAMPE, Scheduler, Domain Database, 2016.3.18.2, 2016.3.19.1, 
Protection, 19.03.2016 14:54, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 19.03.2016 14:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 19.03.2016 14:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 19.03.2016 14:54, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 19.03.2016 14:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 19.03.2016 14:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Detection, 19.03.2016 15:06, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56904, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:06, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56904, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:06, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 56905, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:34, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57214, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:37, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57390, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:37, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57402, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:37, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57403, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:37, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57408, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:37, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57409, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:37, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57410, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:39, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57425, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:39, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57426, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:39, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57430, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:39, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57431, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:39, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57432, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57462, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57463, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57466, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57467, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57468, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57473, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 57474, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 16:07, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 58279, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 16:37, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 58462, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 16:47, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 58737, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 16:48, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 58798, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 17:07, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 59041, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 17:22, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 60102, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 17:51, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 60418, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 17:51, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 60436, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 17:52, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 60482, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 19.03.2016 17:57, SYSTEM, RECHENSCHLAMPE, Scheduler, Malware Database, 2016.3.19.3, 2016.3.19.4, 
Protection, 19.03.2016 17:57, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 19.03.2016 17:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 19.03.2016 17:57, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 19.03.2016 17:58, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 19.03.2016 17:58, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 19.03.2016 17:58, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Detection, 19.03.2016 18:00, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 60603, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 18:00, SYSTEM, RECHENSCHLAME, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 60603, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 18:00, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 60604, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 18:00, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 60614, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 19.03.2016 18:00, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 60622, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

(end)

was ADW angeht, so konnte ich kein loggfile von gestern aufrufen. Hängt vieleicht damit zusammen, dass mir aufgrund der popup und reimage probleme gestern abend es nicht møglich war irgendwelche Seiten zu øffnen, geschweige denn irgendwelche tools runterzuladen. deswegen hab ich ADW über einen zweiten laptop runtergeladen und auf disc gebrannt und von der disc gestartet. Als ich ADW eben geøffnet habe, war kein loggfile augeführt. Deswegen hab ich einen neuscan gemacht, der aber so wie es aussieht ergebnislos war

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v5.102 - Logfile created 19/03/2016 at 18:08:00
# Updated 13/03/2016 by Xplode
# Database : 2016-03-19.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Hein - RECHENSCHLAMPE
# Running from : D:\AdwCleaner_5.102.exe
# Option : Scan
# Support : hxxp://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [4038 bytes] - [18/03/2016 17:57:12]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1273 bytes] - [18/03/2016 18:50:21]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [4136 bytes] - [18/03/2016 17:55:01]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [1101 bytes] - [18/03/2016 18:48:56]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S3].txt - [951 bytes] - [19/03/2016 18:08:00]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S3].txt - [1043 bytes] ##########

--- --- ---

jetzt funktioniert der laptop zumindestens wieder so weit, das ich seiten øffnen und sachen downloaden kann, aber ich bekomme halt ständig wie schon gestern geschrieben die warnfenster vom MBAM.
Werde mich jetzt an FRST TDSS machen und das dann hier gleich posten.

Vielen Dank schon mal für Eure Hilfe!

die loggfiles von FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Hein (administrator) on RECHENSCHLAMPE (19-03-2016 18:26:44)
Running from C:\Users\Hein\Desktop
Loaded Profiles: Hein (Available Profiles: Hein & Administrator)
Platform: Windows 8.1 (X64) Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics Incorporated\SynFP\Shared\SensorDBSynch.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
() C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [938032 2014-03-06] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ThinkPad OneLink Dock Management.lnk [2014-12-20]
ShortcutTarget: ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{013EA3FE-019E-4995-B068-4399A10F735A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{013EA3FE-019E-4995-B068-4399A10F735A}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{2F0BE758-366B-4C4D-83DD-22E4910B970E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2F0BE758-366B-4C4D-83DD-22E4910B970E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{475A88DF-E6F3-43DC-A187-E822B6F2884F}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{822EC8C9-51FF-4F99-9A55-6DB6B298CE91}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{DA56E7A7-3C80-4F6B-841E-41C7392344DB}: [DhcpNameServer] 82.163.143.171

Internet Explorer:
==================
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-331516496-3851143654-2456111117-1001 -> DefaultScope {E62BFBAE-43EE-4CF5-BD6E-423F055F1485} URL = 
SearchScopes: HKU\S-1-5-21-331516496-3851143654-2456111117-1001 -> {E62BFBAE-43EE-4CF5-BD6E-423F055F1485} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-30]
CHR Extension: (Google Docs) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-30]
CHR Extension: (Google Drive) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-30]
CHR Extension: (YouTube) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-30]
CHR Extension: (Adblock Plus) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-18]
CHR Extension: (Google-Suche) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (Google Tabellen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-30]
CHR Extension: (Google Mail) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-21] (Lenovo Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2013-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016472 2015-01-23] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-21] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474160 2014-03-06] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-09] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [327152 2014-06-12] (Lenovo Group Limited)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 valWBFPolicyService; C:\Windows\System32\valWBFPolicyService.exe [47504 2014-06-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\windows\system32\valWbioSyncSvc.exe [32256 2014-06-25] (Synaptics Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-30] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77456 2013-08-19] (Intel Corporation)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3440096 2014-04-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19760 2014-06-13] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-19 18:26 - 2016-03-19 18:26 - 00021081 _____ C:\Users\Hein\Desktop\FRST.txt
2016-03-19 18:26 - 2016-03-19 18:26 - 00000000 ____D C:\FRST
2016-03-19 18:25 - 2016-03-19 18:25 - 02374144 _____ (Farbar) C:\Users\Hein\Desktop\FRST64.exe
2016-03-19 12:28 - 2016-03-19 12:28 - 00000000 ____D C:\Users\Hein\AppData\Local\CEF
2016-03-18 18:00 - 2016-03-18 18:00 - 00001291 _____ C:\Users\Hein\Desktop\Revo Uninstaller.lnk
2016-03-18 18:00 - 2016-03-18 18:00 - 00000000 ____D C:\Users\Hein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-18 18:00 - 2016-03-18 18:00 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-03-18 17:54 - 2016-03-19 18:08 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-18 17:14 - 2016-03-18 17:15 - 00772016 _____ (Reimage®) C:\Users\Hein\Downloads\ReimageRepair.exe
2016-03-18 17:04 - 2016-03-18 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-03-18 17:04 - 2016-03-18 17:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-03-18 16:34 - 2016-03-18 17:04 - 00001991 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-03-18 16:34 - 2016-03-18 16:42 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-18 16:34 - 2016-03-18 16:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-18 16:34 - 2016-03-18 16:34 - 00002078 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-18 16:34 - 2016-03-18 16:34 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-18 16:34 - 2016-03-18 16:34 - 00000000 ____D C:\ProgramData\McAfee
2016-03-15 18:24 - 2016-03-15 18:24 - 00000000 ____D C:\Users\Hein\AppData\LocalLow\Temp
2016-03-11 09:35 - 2016-03-11 09:35 - 00000000 _____ C:\Users\Hein\Downloads\Download (1)
2016-03-11 09:35 - 2016-03-11 09:35 - 00000000 _____ C:\Users\Hein\Downloads\Download
2016-03-07 22:35 - 2016-03-18 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\Users\Hein\Documents\My PDFill
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\ProgramData\PlotSoft
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-03-07 22:05 - 2016-03-07 22:05 - 00970154 _____ C:\Users\Hein\Downloads\membercard_48970.pdf
2016-03-07 22:04 - 2016-03-07 22:04 - 00016985 _____ C:\Users\Hein\Downloads\faktura41614.pdf
2016-03-03 18:34 - 2016-03-03 18:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-02-29 21:12 - 2016-03-17 21:04 - 00000000 ____D C:\Users\Hein\AppData\Local\CrashDumps
2016-02-25 21:55 - 2016-02-25 21:55 - 00115402 _____ C:\Users\Hein\Downloads\tickets_19535452.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-19 18:23 - 2015-12-25 16:56 - 00000000 ____D C:\Users\Hein\AppData\Local\ClassicShell
2016-03-19 18:04 - 2015-12-25 16:49 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-19 17:57 - 2015-12-26 00:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-19 02:43 - 2015-11-26 19:19 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-331516496-3851143654-2456111117-1001
2016-03-19 01:43 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-19 01:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-19 01:05 - 2015-12-25 16:50 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-19 01:05 - 2015-12-25 16:50 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-18 18:56 - 2014-12-20 00:28 - 00449910 _____ C:\WINDOWS\system32\perfh014.dat
2016-03-18 18:56 - 2014-12-20 00:28 - 00077052 _____ C:\WINDOWS\system32\perfc014.dat
2016-03-18 18:56 - 2014-03-18 10:53 - 01377824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-18 18:56 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-18 18:55 - 2014-12-20 00:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-03-18 18:52 - 2015-12-30 09:32 - 00000322 _____ C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon.job
2016-03-18 18:52 - 2015-12-30 09:32 - 00000296 _____ C:\WINDOWS\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon).job
2016-03-18 18:52 - 2015-12-25 16:49 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-18 18:51 - 2015-04-29 15:09 - 00000000 ___DO C:\Users\Hein\OneDrive
2016-03-18 18:51 - 2014-12-20 00:27 - 00000000 ____D C:\ProgramData\Validity
2016-03-18 18:51 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-18 18:16 - 2014-12-20 00:22 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-03-18 18:16 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-18 18:06 - 2015-11-26 19:25 - 00000000 ____D C:\Users\Hein\AppData\Local\Adobe
2016-03-18 16:39 - 2014-12-20 00:24 - 00000000 ____D C:\ProgramData\Adobe
2016-03-18 16:38 - 2015-11-26 19:13 - 00000000 ____D C:\Users\Hein\AppData\Roaming\Adobe
2016-03-18 16:34 - 2014-12-20 00:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-18 13:38 - 2015-11-26 19:06 - 00000000 ____D C:\Users\Hein
2016-03-18 13:37 - 2015-12-25 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-18 13:37 - 2015-12-25 16:56 - 00000000 ____D C:\ProgramData\ClassicShell
2016-03-18 13:37 - 2014-12-20 00:14 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-03-18 13:37 - 2014-12-19 08:08 - 00000000 ____D C:\ProgramData\Lenovo
2016-03-18 13:37 - 2014-04-03 19:18 - 00000000 ____D C:\Users\Administrator
2016-03-18 13:35 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\registration
2016-02-25 20:52 - 2016-01-08 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-25 19:53 - 2014-12-20 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-25 19:50 - 2014-12-20 00:04 - 00000000 ____D C:\Program Files\Lenovo
2016-02-25 19:48 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-25 19:47 - 2014-12-20 00:03 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-02-25 19:26 - 2015-11-26 19:13 - 00000000 ____D C:\Users\Hein\AppData\Local\Lenovo

==================== Files in the root of some directories =======

2014-12-20 00:07 - 2014-12-20 00:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-20 00:29 - 2014-12-20 00:29 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-12-20 00:27 - 2014-12-20 00:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-12-20 00:28 - 2014-12-20 00:28 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-12-20 00:28 - 2014-12-20 00:29 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some files in TEMP:
====================
C:\Users\Hein\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Hein\AppData\Local\Temp\octB126.tmp.exe
C:\Users\Hein\AppData\Local\Temp\octE37B.tmp.exe
C:\Users\Hein\AppData\Local\Temp\tu17p84.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-17 06:10

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

[CODE]Additional
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Hein (2016-03-19 18:27:12)
Running from C:\Users\Hein\Desktop
Windows 8.1 (X64) (2015-11-26 18:07:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-331516496-3851143654-2456111117-500 - Administrator - Disabled) => C:\Users\Administrator
Gjest (S-1-5-21-331516496-3851143654-2456111117-501 - Limited - Disabled)
Hein (S-1-5-21-331516496-3851143654-2456111117-1001 - Administrator - Enabled) => C:\Users\Hein
HomeGroupUser$ (S-1-5-21-331516496-3851143654-2456111117-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.17.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3604 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.3604 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Dependency Package Update (Version: 1.6.26.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1014 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo Multimedia and Communications Core Runtime (HKLM\...\{033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1) (Version: 5.0.13.94 - Lenovo Corporation)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 2.20 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.19.209 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.4.0.5 - Lenovo Group Limited)
Lenovo Settings - Power (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 7.49.4 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.84 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.3.7 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.42.8185 - Intel(R) Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.2.0003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware versjon 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 nb-NO) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 nb-NO)) (Version: 38.6.0 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.33.00 - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics WBF DDK 5011 (HKLM\...\{491728AE-BFF0-44F2-A9F1-9AE218E36E2D}) (Version: 4.5.263.0 - Synaptics)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.263.0 - )
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.25 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.04.05 (12/17/2013 1.67.04.05) (HKLM\...\68ECF461D6E85BB67AFC110D2FEBF1955C9F26B5) (Version: 12/17/2013 1.67.04.05 - Lenovo)
WinZip Driver Updater (HKLM\...\WinZip Driver Updater) (Version: 5.3.2.54 - VAPC (Lux) S.a.r.L)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E27045A-699B-48F5-A9AE-FE2565F1FFCB} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {1A007918-0FAD-420F-9A27-6809D63F5A1E} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {258786F3-6780-4510-84F4-F4DC0C1225CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {31841FC0-9CDB-44F0-9F5F-448017D45E05} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {42C14980-900E-4EFA-BAAE-A86F8409251D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {49101344-6C76-46D5-A5F2-776A4831F494} - System32\Tasks\Diner Browser => Rundll32.exe "C:\Users\Hein\AppData\Local\Diner Browser\{7420D55C-28E9-72F7-ABB0-767FACF2478B}\DinerBrowser.dll",#1 <==== ATTENTION
Task: {501FE315-3E58-4A4A-988F-85F98192C12A} - System32\Tasks\Start WinZip Driver Updater Update => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {513819BA-6109-4CF9-B53B-81A9330851A2} - System32\Tasks\Diner Browser2 => Rundll32.exe "C:\Users\Hein\AppData\Local\Diner Browser\{7420D55C-28E9-72F7-ABB0-767FACF2478B}\vqelekf.dll",#1 <==== ATTENTION
Task: {52340366-8AB4-4507-98B5-C83E40EB0036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {56AF9621-5123-45F2-852D-62BF905F958A} - System32\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {60BEB501-9AD5-45CF-A44B-DFFD735C1704} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {62B8B0BC-78EF-4257-84F6-24819EE57AE0} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)
Task: {6F01A077-D156-493B-92CA-82C3EE8D6A55} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-07] (Synaptics Incorporated)
Task: {7A2EAC43-1D01-458A-B3AE-9DF7389FEB31} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {85944945-8F16-4432-9CD4-77F84C066944} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {922C9785-042D-4A1C-B98E-A4FFDFA0B32E} - System32\Tasks\Start WinZip Driver Updater Schedule => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {A42755FE-7E6E-44B0-9546-B19C5B0F91AB} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {AE685F9E-9C02-4D89-97B8-A376389BFF53} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2013-06-29] (CyberLink Corp.)
Task: {B36A6187-A80F-4959-A41B-FD222C61CB8A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {C0F659EF-7BCF-4649-975C-432E4FA4CF4D} - System32\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {D722B938-2AA9-403D-B597-F224DC56F6DA} - System32\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon) => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {ED246180-ED51-4764-80A2-FD6F062EF138} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {F9514689-9757-4AA4-90F4-CB90AB92EEB4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon).job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon.job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe-runExecutable SRTray.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein.job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe-runExecutable SRTray.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-20 00:33 - 2015-01-16 07:49 - 00105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\NO\PWMRT64V.dll
2014-12-20 00:26 - 2012-04-24 11:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-20 00:07 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-02-18 03:38 - 2014-02-18 03:38 - 00246104 _____ () C:\Program Files\ThinkPad\TpShocks\MUI\0414\TpShocks.dll
2014-12-20 00:03 - 2013-10-29 01:48 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
2014-12-20 00:33 - 2015-01-16 07:49 - 00105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\NO\PWMRT64V.DLL
2014-12-20 00:33 - 2015-01-09 15:40 - 00469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2014-12-20 00:33 - 2015-01-09 15:40 - 00013528 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2016-01-29 19:42 - 2016-01-29 19:42 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2015-12-25 15:07 - 2015-12-25 15:07 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2016-01-31 05:34 - 2016-01-31 05:34 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2013-03-07 06:49 - 2013-03-07 06:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-07 06:52 - 2013-03-07 06:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-12-20 00:01 - 2013-09-16 04:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-02-20 12:05 - 2016-02-18 05:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 12:05 - 2016-02-18 05:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-01-08 07:44 - 2016-02-25 20:51 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2016-01-08 07:44 - 2016-02-25 20:51 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2016-02-20 12:05 - 2016-02-18 05:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Hein\Downloads\Classic Shell - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\FreeCAD - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Microsoft Rechner Plus - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\OpenOffice - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Setup.X86.nb-NO_HomeStudentRetail_18f91a2b-0c0f-4b6e-b2b2-db75bb097d82_TX_DB_.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Support-LogMeInRescue (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Support-LogMeInRescue.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-03-18 17:04 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1	mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hein\Desktop\Pictures\Pictures\bilder für email\10350632_10152164393638002_5661559173947843649_n.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{53150976-E673-43CD-96E1-8EAED71603DB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A71CB6B-B0CD-4EB6-A482-CDE9BEFF72FB}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{F5817868-B22F-45D0-BA41-2753D601F50E}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{42175962-ED99-4625-93A7-9E0ABA3F0612}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{06D2607C-A9FA-401E-8EFE-D689547E5C2C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{1316B1EA-4B06-41E5-8D3E-39C8F18EB6D3}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{D9C34587-731C-4E37-9789-C4DAD83C8557}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{3609141A-55E3-4FEB-9ABA-3664D5910F6D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{C0CBF5E6-D70F-4351-86B5-9F3CFF0262B0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{7BFEA752-06F5-4F90-9FDD-5C5DDE9CFE4A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{30320B62-554D-4CAE-BB91-B64B9C096E7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6F90D5DD-098E-4A47-9A7E-7A1134B76698}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9FA48342-C48C-4042-BC2D-8006A6F8E7D5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{BF11FF53-1ABF-4EB1-BC0F-F5D7527BEBF9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{08B22EA0-8B70-40B2-8D8D-60CFDA0EB406}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-03-2016 08:26:40 Planlagt kontrollpunkt
18-03-2016 13:34:43 Gjenopprettingsoperasjon

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2016 04:41:43 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (03/18/2016 04:30:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHENSCHLAMPE)
Description: Aktiveringen av appen Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader mislyktes med feilen: -2147009284 Se loggen for Microsoft-Windows-TWinUI/Operational hvis du vil ha mer informasjon.

Error: (03/18/2016 04:29:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHENSCHLAMPE)
Description: Aktiveringen av appen Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader mislyktes med feilen: -2147009284 Se loggen for Microsoft-Windows-TWinUI/Operational hvis du vil ha mer informasjon.

Error: (03/18/2016 04:28:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1652) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU000B0.log.

Error: (03/17/2016 08:44:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Programnavn med feil: chrome.exe, versjon: 48.0.2564.116, tidsangivelse: 0x56c52f1d
Modulnavn med feil: chrome.dll, versjon: 48.0.2564.116, tidsangivelse: 0x56c52969
Unntakskode: 0x80000003
Feilforskyvning: 0x00548ec4
Feil prosess-ID: 0x4d0
Feil starttid for program: 0xchrome.exe0
Feil programbane: chrome.exe1
Feil modulbane: chrome.exe2
Rapport-ID: chrome.exe3
Fullstendig navn på feilpakke: chrome.exe4
Relativ program-ID for feilpakke: chrome.exe5

Error: (03/17/2016 08:04:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe versjon 17.5.9600.20911 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, åpner du problemloggen i kontrollpanelet for Handlingssenter.

Prosess-ID: 1950

Starttidspunkt: 01d1807fb592649f

Avslutningstidspunkt: 4294967295

Programbane: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 03af8b7b-ec73-11e5-8272-801934d39d0b

Fullstendig navn på feilpakke: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Relativ program-ID for feilpakke: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/15/2016 08:11:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volumet WINRE_DRV ble ikke optimalisert fordi det oppstod en feil: Feil parameter. (0x80070057)

Error: (03/09/2016 08:00:42 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volumet WINRE_DRV ble ikke optimalisert fordi det oppstod en feil: Feil parameter. (0x80070057)

Error: (03/07/2016 08:17:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volumet WINRE_DRV ble ikke optimalisert fordi det oppstod en feil: Feil parameter. (0x80070057)

Error: (03/07/2016 06:37:26 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volumet WINRE_DRV ble ikke optimalisert fordi det oppstod en feil: Feil parameter. (0x80070057)


System errors:
=============
Error: (03/18/2016 06:51:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/18/2016 06:51:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/18/2016 06:51:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Lenovo PM Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/18/2016 06:51:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/18/2016 06:50:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Lenovo Settings Power Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/18/2016 06:50:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten LocationTaskManager avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/18/2016 06:50:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten lnvDiscoveryWinSvc avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/18/2016 06:50:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Intel(R) Dynamic Application Loader Host Interface Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/18/2016 06:50:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Lenovo Hotkey Client Loader avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/18/2016 06:50:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Cyberlink RichVideo64 Service(CRVS) avsluttet uventet. Det har den gjort 1 gang(er).


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Percentage of memory in use: 66%
Total physical RAM: 3986.58 MB
Available physical RAM: 1317.82 MB
Total Virtual: 6290.58 MB
Available Virtual: 2791.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:97.94 GB) (Free:41.2 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7BA096CD)

Partition: GPT.

==================== End of Addition.txt ============================

--- --- ---

--- --- ---

syldron · 19.03.2016, 19:05

Code:

ATTFilter

18:32:26.0171 0x1d40  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
18:32:26.0171 0x1d40  UEFI system
18:32:31.0828 0x1d40  ============================================================
18:32:31.0828 0x1d40  Current date / time: 2016/03/19 18:32:31.0828
18:32:31.0828 0x1d40  SystemInfo:
18:32:31.0828 0x1d40  
18:32:31.0828 0x1d40  OS Version: 6.3.9600 ServicePack: 0.0
18:32:31.0828 0x1d40  Product type: Workstation
18:32:31.0828 0x1d40  ComputerName: RECHENSCHLAMPE
18:32:31.0828 0x1d40  UserName: Hein
18:32:31.0828 0x1d40  Windows directory: C:\WINDOWS
18:32:31.0828 0x1d40  System windows directory: C:\WINDOWS
18:32:31.0828 0x1d40  Running under WOW64
18:32:31.0828 0x1d40  Processor architecture: Intel x64
18:32:31.0828 0x1d40  Number of processors: 4
18:32:31.0828 0x1d40  Page size: 0x1000
18:32:31.0828 0x1d40  Boot type: Normal boot
18:32:31.0828 0x1d40  ============================================================
18:32:31.0906 0x1d40  KLMD registered as C:\WINDOWS\system32\drivers\09327476.sys
18:32:32.0805 0x1d40  System UUID: {222CB145-ED2A-B708-8858-38567434627F}
18:32:33.0555 0x1d40  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:32:33.0555 0x1d40  ============================================================
18:32:33.0555 0x1d40  \Device\Harddisk0\DR0:
18:32:33.0555 0x1d40  GPT partitions:
18:32:33.0555 0x1d40  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {607D6300-DDE9-4269-BC22-57CC189EFE98}, Name: , StartLBA 0x800, BlocksNum 0x1F4000
18:32:33.0555 0x1d40  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {50BDC475-CC10-4D52-9E59-C5B74950C27B}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
18:32:33.0555 0x1d40  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EBB4E252-2C8D-49D9-8E61-AC6FF6C63F26}, Name: Microsoft reserved partition, StartLBA 0x276800, BlocksNum 0x40000
18:32:33.0555 0x1d40  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A105032A-0C84-489A-A7BE-4EBD9D84C5D5}, Name: Basic data partition, StartLBA 0x2B6800, BlocksNum 0xC3E2000
18:32:33.0555 0x1d40  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {74B38F32-453D-4C0D-8D2F-499182D17FFB}, Name: , StartLBA 0xC698800, BlocksNum 0x27E3800
18:32:33.0555 0x1d40  MBR partitions:
18:32:33.0555 0x1d40  ============================================================
18:32:33.0555 0x1d40  C: <-> \Device\Harddisk0\DR0\Partition4
18:32:33.0555 0x1d40  ============================================================
18:32:33.0555 0x1d40  Initialize success
18:32:33.0555 0x1d40  ============================================================
18:32:35.0957 0x16c8  ============================================================
18:32:35.0957 0x16c8  Scan started
18:32:35.0957 0x16c8  Mode: Manual; 
18:32:35.0957 0x16c8  ============================================================
18:32:35.0957 0x16c8  KSN ping started
18:32:38.0757 0x16c8  KSN ping finished: true
18:32:39.0007 0x16c8  ================ Scan system memory ========================
18:32:39.0007 0x16c8  System memory - ok
18:32:39.0023 0x16c8  ================ Scan services =============================
18:32:39.0070 0x16c8  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
18:32:39.0070 0x16c8  1394ohci - ok
18:32:39.0085 0x16c8  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
18:32:39.0085 0x16c8  3ware - ok
18:32:39.0101 0x16c8  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
18:32:39.0117 0x16c8  ACPI - ok
18:32:39.0117 0x16c8  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
18:32:39.0132 0x16c8  acpiex - ok
18:32:39.0132 0x16c8  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
18:32:39.0132 0x16c8  acpipagr - ok
18:32:39.0132 0x16c8  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
18:32:39.0132 0x16c8  AcpiPmi - ok
18:32:39.0148 0x16c8  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
18:32:39.0148 0x16c8  acpitime - ok
18:32:39.0148 0x16c8  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:32:39.0148 0x16c8  AdobeARMservice - ok
18:32:39.0185 0x16c8  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
18:32:39.0193 0x16c8  ADP80XX - ok
18:32:39.0209 0x16c8  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
18:32:39.0209 0x16c8  AeLookupSvc - ok
18:32:39.0224 0x16c8  [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD             C:\WINDOWS\system32\drivers\afd.sys
18:32:39.0240 0x16c8  AFD - ok
18:32:39.0240 0x16c8  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
18:32:39.0240 0x16c8  agp440 - ok
18:32:39.0256 0x16c8  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
18:32:39.0256 0x16c8  ahcache - ok
18:32:39.0256 0x16c8  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG             C:\WINDOWS\System32\alg.exe
18:32:39.0256 0x16c8  ALG - ok
18:32:39.0271 0x16c8  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
18:32:39.0271 0x16c8  AmdK8 - ok
18:32:39.0271 0x16c8  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
18:32:39.0271 0x16c8  AmdPPM - ok
18:32:39.0287 0x16c8  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
18:32:39.0287 0x16c8  amdsata - ok
18:32:39.0302 0x16c8  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
18:32:39.0307 0x16c8  amdsbs - ok
18:32:39.0311 0x16c8  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
18:32:39.0311 0x16c8  amdxata - ok
18:32:39.0319 0x16c8  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID           C:\WINDOWS\system32\drivers\appid.sys
18:32:39.0319 0x16c8  AppID - ok
18:32:39.0323 0x16c8  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
18:32:39.0327 0x16c8  AppIDSvc - ok
18:32:39.0327 0x16c8  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
18:32:39.0327 0x16c8  Appinfo - ok
18:32:39.0343 0x16c8  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
18:32:39.0358 0x16c8  AppReadiness - ok
18:32:39.0390 0x16c8  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
18:32:39.0405 0x16c8  AppXSvc - ok
18:32:39.0421 0x16c8  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
18:32:39.0421 0x16c8  arcsas - ok
18:32:39.0421 0x16c8  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
18:32:39.0421 0x16c8  atapi - ok
18:32:39.0436 0x16c8  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
18:32:39.0436 0x16c8  AudioEndpointBuilder - ok
18:32:39.0452 0x16c8  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
18:32:39.0468 0x16c8  Audiosrv - ok
18:32:39.0499 0x16c8  [ 70502DE460D4AE53D0BC76C3B0B98BCE, 0A4E7B1B0673B1459847DCF3EAD11154C01B613A82BC37CB75BD6B0E46020F93 ] AVControlCenter C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
18:32:39.0499 0x16c8  AVControlCenter - ok
18:32:39.0515 0x16c8  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
18:32:39.0515 0x16c8  AxInstSV - ok
18:32:39.0530 0x16c8  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
18:32:39.0530 0x16c8  b06bdrv - ok
18:32:39.0546 0x16c8  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
18:32:39.0546 0x16c8  BasicDisplay - ok
18:32:39.0546 0x16c8  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
18:32:39.0546 0x16c8  BasicRender - ok
18:32:39.0561 0x16c8  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
18:32:39.0561 0x16c8  bcmfn2 - ok
18:32:39.0577 0x16c8  [ 4B6F61BD394DCEDA9B06D702836531C2, 83C739467BD9A00FE09BCE83BB9409EA2DA62FCDD2384F9EE98626226223E918 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
18:32:39.0577 0x16c8  BDESVC - ok
18:32:39.0577 0x16c8  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
18:32:39.0577 0x16c8  Beep - ok
18:32:39.0608 0x16c8  [ 8F2AD111B47A190F325EE7495D3C1803, C61F1506E74A9EFBB61B8A06B30886B6E891C33211F755F30B924EBA202ECEC5 ] BFE             C:\WINDOWS\System32\bfe.dll
18:32:39.0624 0x16c8  BFE - ok
18:32:39.0671 0x16c8  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
18:32:39.0702 0x16c8  BITS - ok
18:32:39.0749 0x16c8  [ FEFF60CA0FBC86A043495FA79581CEA9, E8C4762AB9168C59DE6BABF6CEF5D02918D79F255FA86E7EA4324384C91733D0 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:32:39.0780 0x16c8  Bluetooth Device Monitor - ok
18:32:39.0811 0x16c8  [ 075D93A7094E1BCBDE3A2D8EBA803745, 9E141EB26358D5B526D30A224DBF4EBE00EFAA19A78A22881AAF5E51C20DBED6 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:32:39.0858 0x16c8  Bluetooth OBEX Service - ok
18:32:39.0858 0x16c8  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
18:32:39.0874 0x16c8  bowser - ok
18:32:39.0874 0x16c8  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
18:32:39.0874 0x16c8  BrokerInfrastructure - ok
18:32:39.0890 0x16c8  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
18:32:39.0890 0x16c8  Browser - ok
18:32:39.0890 0x16c8  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
18:32:39.0890 0x16c8  BthAvrcpTg - ok
18:32:39.0905 0x16c8  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
18:32:39.0905 0x16c8  BthEnum - ok
18:32:39.0905 0x16c8  [ 67343511D80BF3D6D9EEDB5BA8D0B06B, 28436B2E62762686C4FF4FA3F9E7ABB56DA9D6884B6C924ACC544161400593DD ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
18:32:39.0905 0x16c8  BthHFEnum - ok
18:32:39.0921 0x16c8  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
18:32:39.0921 0x16c8  bthhfhid - ok
18:32:39.0936 0x16c8  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
18:32:39.0936 0x16c8  BthHFSrv - ok
18:32:39.0952 0x16c8  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
18:32:39.0952 0x16c8  BthLEEnum - ok
18:32:39.0952 0x16c8  [ 66B791F6B11DC4303DD18A224A501542, 502AE4D6FFC6B0FCED081B0E0F61F699F96F20DFEE737B53828F5DEE3BD0FCB1 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
18:32:39.0952 0x16c8  BTHMODEM - ok
18:32:39.0968 0x16c8  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
18:32:39.0968 0x16c8  BthPan - ok
18:32:39.0999 0x16c8  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
18:32:40.0030 0x16c8  BTHPORT - ok
18:32:40.0030 0x16c8  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
18:32:40.0030 0x16c8  bthserv - ok
18:32:40.0046 0x16c8  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
18:32:40.0046 0x16c8  BTHUSB - ok
18:32:40.0046 0x16c8  [ 4E10213D463B3AC9D003980398A16F01, F04CC0693006E5A8336A358F1E31C239EB3CED5D4487CD1F95F75C43A6BAFEC4 ] btmaux          C:\WINDOWS\system32\DRIVERS\btmaux.sys
18:32:40.0046 0x16c8  btmaux - ok
18:32:40.0093 0x16c8  [ FF0F9DC5EE4BB8F5F94654A8E9F7F911, 787E87B358A2AAA69FBB22475BC7EDA30E9B207F1E77F123914266D07D918300 ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
18:32:40.0108 0x16c8  btmhsf - ok
18:32:40.0124 0x16c8  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
18:32:40.0124 0x16c8  cdfs - ok
18:32:40.0124 0x16c8  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
18:32:40.0124 0x16c8  cdrom - ok
18:32:40.0140 0x16c8  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
18:32:40.0140 0x16c8  CertPropSvc - ok
18:32:40.0155 0x16c8  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
18:32:40.0155 0x16c8  circlass - ok
18:32:40.0155 0x16c8  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
18:32:40.0171 0x16c8  CLFS - ok
18:32:40.0171 0x16c8  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
18:32:40.0171 0x16c8  CmBatt - ok
18:32:40.0186 0x16c8  [ C9ACE28CDCD5FF473033A01AA510A184, 8A423D613894EB531C48025A11F1ABB923AFB38070E0A24A8D71909B217CE406 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
18:32:40.0202 0x16c8  CNG - ok
18:32:40.0249 0x16c8  [ E49404E4B6F590F08F95E5EF02AEA916, 143038B699B0C0D456F64776079939074034F60C1F5432BE047599BB5231A70B ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys
18:32:40.0265 0x16c8  CnxtHdAudService - ok
18:32:40.0280 0x16c8  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
18:32:40.0280 0x16c8  CompositeBus - ok
18:32:40.0280 0x16c8  COMSysApp - ok
18:32:40.0280 0x16c8  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
18:32:40.0280 0x16c8  condrv - ok
18:32:40.0311 0x16c8  [ F8A54F25F3CA93B52A77B653F7C67399, 6C59EFB6D4F6FD291456FB2A2999FBCDD0699F573AC2135B7DAADB58F2C8B926 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
18:32:40.0311 0x16c8  cphs - ok
18:32:40.0327 0x16c8  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
18:32:40.0327 0x16c8  CryptSvc - ok
18:32:40.0327 0x16c8  [ 4E6337DE03F36BCE168110E6B59F6A5B, 2DB940EBBA971B3801E273B80D8CBD975040A8B87908E7E0733E4DBB0EFC2611 ] CxAudMsg        C:\windows\system32\CxAudMsg64.exe
18:32:40.0343 0x16c8  CxAudMsg - ok
18:32:40.0343 0x16c8  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
18:32:40.0343 0x16c8  dam - ok
18:32:40.0358 0x16c8  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
18:32:40.0374 0x16c8  DcomLaunch - ok
18:32:40.0390 0x16c8  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
18:32:40.0405 0x16c8  defragsvc - ok
18:32:40.0421 0x16c8  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
18:32:40.0421 0x16c8  DeviceAssociationService - ok
18:32:40.0436 0x16c8  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
18:32:40.0436 0x16c8  DeviceInstall - ok
18:32:40.0436 0x16c8  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
18:32:40.0436 0x16c8  Dfsc - ok
18:32:40.0452 0x16c8  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
18:32:40.0468 0x16c8  Dhcp - ok
18:32:40.0468 0x16c8  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
18:32:40.0468 0x16c8  disk - ok
18:32:40.0890 0x16c8  [ 1735BEA87925630B6E8F3A72B8FC7758, 289EB84C1A07E187AB1A2A94ECF2C8A13DD0140944FE1E81DF1D5F4D34155EA7 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
18:32:41.0046 0x16c8  DisplayLinkService - ok
18:32:41.0061 0x16c8  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
18:32:41.0061 0x16c8  dmvsc - ok
18:32:41.0061 0x16c8  [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6CA7A14B676FD617 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
18:32:41.0077 0x16c8  Dnscache - ok
18:32:41.0077 0x16c8  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
18:32:41.0093 0x16c8  dot3svc - ok
18:32:41.0093 0x16c8  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS             C:\WINDOWS\system32\dps.dll
18:32:41.0093 0x16c8  DPS - ok
18:32:41.0108 0x16c8  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
18:32:41.0108 0x16c8  drmkaud - ok
18:32:41.0108 0x16c8  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
18:32:41.0124 0x16c8  DsmSvc - ok
18:32:41.0155 0x16c8  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
18:32:41.0202 0x16c8  DXGKrnl - ok
18:32:41.0233 0x16c8  [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress      C:\WINDOWS\system32\DRIVERS\e1i63x64.sys
18:32:41.0249 0x16c8  e1iexpress - ok
18:32:41.0265 0x16c8  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
18:32:41.0265 0x16c8  Eaphost - ok
18:32:41.0368 0x16c8  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
18:32:41.0430 0x16c8  ebdrv - ok
18:32:41.0430 0x16c8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS             C:\WINDOWS\System32\lsass.exe
18:32:41.0430 0x16c8  EFS - ok
18:32:41.0446 0x16c8  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
18:32:41.0446 0x16c8  EhStorClass - ok
18:32:41.0446 0x16c8  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
18:32:41.0446 0x16c8  EhStorTcgDrv - ok
18:32:41.0461 0x16c8  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
18:32:41.0461 0x16c8  ErrDev - ok
18:32:41.0477 0x16c8  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem     C:\WINDOWS\system32\es.dll
18:32:41.0477 0x16c8  EventSystem - ok
18:32:41.0508 0x16c8  [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:32:41.0524 0x16c8  EvtEng - ok
18:32:41.0539 0x16c8  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
18:32:41.0539 0x16c8  exfat - ok
18:32:41.0555 0x16c8  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
18:32:41.0555 0x16c8  fastfat - ok
18:32:41.0586 0x16c8  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax             C:\WINDOWS\system32\fxssvc.exe
18:32:41.0602 0x16c8  Fax - ok
18:32:41.0602 0x16c8  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
18:32:41.0602 0x16c8  fdc - ok
18:32:41.0618 0x16c8  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
18:32:41.0618 0x16c8  fdPHost - ok
18:32:41.0618 0x16c8  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
18:32:41.0618 0x16c8  FDResPub - ok
18:32:41.0633 0x16c8  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
18:32:41.0633 0x16c8  fhsvc - ok
18:32:41.0633 0x16c8  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
18:32:41.0633 0x16c8  FileInfo - ok
18:32:41.0649 0x16c8  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
18:32:41.0649 0x16c8  Filetrace - ok
18:32:41.0649 0x16c8  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
18:32:41.0649 0x16c8  flpydisk - ok
18:32:41.0664 0x16c8  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
18:32:41.0664 0x16c8  FltMgr - ok
18:32:41.0696 0x16c8  [ 2F225BC85B84C04EA01BAB8D8DACFA83, 1F6E20C8F0FFD3FA60BDF556FB8392FE014E6519C3F314D1D22D394DB2A040CA ] FontCache       C:\WINDOWS\system32\FntCache.dll
18:32:41.0727 0x16c8  FontCache - ok
18:32:41.0727 0x16c8  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:32:41.0727 0x16c8  FontCache3.0.0.0 - ok
18:32:41.0743 0x16c8  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
18:32:41.0743 0x16c8  FsDepends - ok
18:32:41.0743 0x16c8  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:32:41.0743 0x16c8  Fs_Rec - ok
18:32:41.0758 0x16c8  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
18:32:41.0774 0x16c8  fvevol - ok
18:32:41.0774 0x16c8  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
18:32:41.0774 0x16c8  FxPPM - ok
18:32:41.0789 0x16c8  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
18:32:41.0789 0x16c8  gagp30kx - ok
18:32:41.0789 0x16c8  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
18:32:41.0789 0x16c8  gencounter - ok
18:32:41.0789 0x16c8  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
18:32:41.0805 0x16c8  GPIOClx0101 - ok
18:32:41.0836 0x16c8  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
18:32:41.0852 0x16c8  gpsvc - ok
18:32:41.0868 0x16c8  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:32:41.0868 0x16c8  gupdate - ok
18:32:41.0868 0x16c8  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:32:41.0868 0x16c8  gupdatem - ok
18:32:41.0883 0x16c8  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
18:32:41.0899 0x16c8  HdAudAddService - ok
18:32:41.0899 0x16c8  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
18:32:41.0899 0x16c8  HDAudBus - ok
18:32:41.0914 0x16c8  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
18:32:41.0914 0x16c8  HidBatt - ok
18:32:41.0914 0x16c8  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
18:32:41.0914 0x16c8  HidBth - ok
18:32:41.0930 0x16c8  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
18:32:41.0930 0x16c8  hidi2c - ok
18:32:41.0930 0x16c8  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
18:32:41.0930 0x16c8  HidIr - ok
18:32:41.0930 0x16c8  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\WINDOWS\system32\hidserv.dll
18:32:41.0930 0x16c8  hidserv - ok
18:32:41.0946 0x16c8  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
18:32:41.0946 0x16c8  HidUsb - ok
18:32:41.0946 0x16c8  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
18:32:41.0946 0x16c8  hkmsvc - ok
18:32:41.0961 0x16c8  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
18:32:41.0961 0x16c8  HomeGroupListener - ok
18:32:41.0977 0x16c8  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
18:32:41.0993 0x16c8  HomeGroupProvider - ok
18:32:41.0993 0x16c8  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
18:32:41.0993 0x16c8  HpSAMD - ok
18:32:42.0024 0x16c8  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
18:32:42.0039 0x16c8  HTTP - ok
18:32:42.0039 0x16c8  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
18:32:42.0039 0x16c8  hwpolicy - ok
18:32:42.0055 0x16c8  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
18:32:42.0055 0x16c8  hyperkbd - ok
18:32:42.0055 0x16c8  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
18:32:42.0055 0x16c8  HyperVideo - ok
18:32:42.0055 0x16c8  [ D887446F3F6051C60C26F4FD1FC8D43F, A3235C64E9D5378E3409FA7CDD9DB0DD1B3CE6A6EB018F2C40558EB9C427A498 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
18:32:42.0055 0x16c8  i8042prt - ok
18:32:42.0071 0x16c8  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
18:32:42.0071 0x16c8  iaLPSSi_GPIO - ok
18:32:42.0071 0x16c8  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
18:32:42.0071 0x16c8  iaLPSSi_I2C - ok
18:32:42.0102 0x16c8  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
18:32:42.0102 0x16c8  iaStorA - ok
18:32:42.0133 0x16c8  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
18:32:42.0133 0x16c8  iaStorAV - ok
18:32:42.0164 0x16c8  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
18:32:42.0180 0x16c8  iaStorV - ok
18:32:42.0180 0x16c8  [ 6C7FE2FD06EF34A7972E34C876FC78DF, B545A10DEEF59B8145D3D20361DA7F1C0FD27B6273B126B500594D6456C3FC06 ] IBMPMDRV        C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
18:32:42.0196 0x16c8  IBMPMDRV - ok
18:32:42.0196 0x16c8  [ 5A1E3B4BA187327DF5FF122F96FA753A, AED93AA268F75D46752FCE5189392EE41225DA45F7D67C73B77629C8227E5084 ] IBMPMSVC        C:\WINDOWS\system32\ibmpmsvc.exe
18:32:42.0196 0x16c8  IBMPMSVC - ok
18:32:42.0211 0x16c8  [ 29CDC2B6023431560B6035A79799E416, 1E4BB83A91BEA2C2576021E93797D2DE7B3620E614C349874802F14716BE0679 ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
18:32:42.0227 0x16c8  ibtusb - ok
18:32:42.0227 0x16c8  IEEtwCollectorService - ok
18:32:42.0368 0x16c8  [ 4F6363C26B4A3DDBC9FAFCBA68602B01, 0920551F9312D967AAA68003BD8C4A312AA8F1E8B826DDE8BF59B9B639AB5F3B ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
18:32:42.0430 0x16c8  igfx - ok
18:32:42.0461 0x16c8  [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
18:32:42.0493 0x16c8  IKEEXT - ok
18:32:42.0508 0x16c8  [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC09385B6DDEAB58 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
18:32:42.0508 0x16c8  intaud_WaveExtensible - ok
18:32:42.0524 0x16c8  [ EC80E6B9E27DC3E22ED5B2E0E75A39C0, 8EEC89F88AE79DA256BB651983397773F6B25139006C8A7C8F77960F47774CF5 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
18:32:42.0539 0x16c8  IntcDAud - ok
18:32:42.0586 0x16c8  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:32:42.0602 0x16c8  Intel(R) Capability Licensing Service Interface - ok
18:32:42.0633 0x16c8  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
18:32:42.0649 0x16c8  Intel(R) Capability Licensing Service TCP IP Interface - ok
18:32:42.0649 0x16c8  [ E3F57FEBB3498C7AB35704365927A073, CE36DBEF13367DC5397FD3B8AA2AB900ECBBAB8A0F48EE17230616712DD7D4B1 ] IntelHSWPcc     C:\WINDOWS\system32\drivers\IntelPcc.sys
18:32:42.0649 0x16c8  IntelHSWPcc - ok
18:32:42.0664 0x16c8  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
18:32:42.0664 0x16c8  intelide - ok
18:32:42.0664 0x16c8  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
18:32:42.0664 0x16c8  intelpep - ok
18:32:42.0664 0x16c8  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
18:32:42.0680 0x16c8  intelppm - ok
18:32:42.0680 0x16c8  [ E832B0C776EE8EB0EDEE3B746A5DDBAA, 673FDF479558CD81BB9389B3C7C3B0009F1160F678F344A569B2D96851FE56CC ] intelsba        C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
18:32:42.0680 0x16c8  intelsba - ok
18:32:42.0696 0x16c8  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:32:42.0696 0x16c8  IpFilterDriver - ok
18:32:42.0711 0x16c8  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
18:32:42.0727 0x16c8  iphlpsvc - ok
18:32:42.0743 0x16c8  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
18:32:42.0743 0x16c8  IPMIDRV - ok
18:32:42.0743 0x16c8  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
18:32:42.0743 0x16c8  IPNAT - ok
18:32:42.0758 0x16c8  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
18:32:42.0758 0x16c8  IRENUM - ok
18:32:42.0758 0x16c8  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
18:32:42.0758 0x16c8  isapnp - ok
18:32:42.0774 0x16c8  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
18:32:42.0774 0x16c8  iScsiPrt - ok
18:32:42.0789 0x16c8  [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
18:32:42.0789 0x16c8  iwdbus - ok
18:32:42.0789 0x16c8  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:32:42.0789 0x16c8  jhi_service - ok
18:32:42.0805 0x16c8  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
18:32:42.0805 0x16c8  kbdclass - ok
18:32:42.0805 0x16c8  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
18:32:42.0805 0x16c8  kbdhid - ok
18:32:42.0821 0x16c8  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
18:32:42.0821 0x16c8  kdnic - ok
18:32:42.0821 0x16c8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
18:32:42.0821 0x16c8  KeyIso - ok
18:32:42.0821 0x16c8  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
18:32:42.0821 0x16c8  KSecDD - ok
18:32:42.0836 0x16c8  [ A950AB512ED2BD847789FAAD3E967AFA, 005340965B30C5A14E4E081E2CDF7214D2C00BAF05C62DA9ED63EA3026E70C8A ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
18:32:42.0836 0x16c8  KSecPkg - ok
18:32:42.0836 0x16c8  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
18:32:42.0836 0x16c8  ksthunk - ok
18:32:42.0852 0x16c8  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
18:32:42.0868 0x16c8  KtmRm - ok
18:32:42.0868 0x16c8  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
18:32:42.0883 0x16c8  LanmanServer - ok
18:32:42.0883 0x16c8  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
18:32:42.0899 0x16c8  LanmanWorkstation - ok
18:32:42.0914 0x16c8  [ DA297A7BAB4E3889CFF60C02AE7BFB5D, 9E533D6FE2C9777A298F1E09C6E74F4135CC32D406382655EA9C0B7B2C533F3E ] Lenovo EasyPlus Hotspot C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
18:32:42.0930 0x16c8  Lenovo EasyPlus Hotspot - ok
18:32:42.0993 0x16c8  [ F1E4002541DC3FF409CFF8DA653E3504, C82B3146EB2E3F6CC590AFA9935A557261A6C9DBBC8F562FD0E037DDCB6167A3 ] Lenovo Settings Service C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
18:32:43.0024 0x16c8  Lenovo Settings Service - ok
18:32:43.0055 0x16c8  [ 4DC782F7AE5774BA202DB1193D44D09F, 117F4155323F4B6562A4B662BF119D4E216FF12874C4B55EDE2A49CD125B9B58 ] Lenovo System Agent Service C:\Program Files\Lenovo\iMController\SystemAgentService.exe
18:32:43.0071 0x16c8  Lenovo System Agent Service - ok
18:32:43.0086 0x16c8  [ AB678C691773820CD73AEAFAF5A21AD8, E099D424D79C759A4AF64B60D88906153165AC7E01461EB48FEC0B8559776B00 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\cammute.exe
18:32:43.0086 0x16c8  LENOVO.CAMMUTE - ok
18:32:43.0102 0x16c8  [ BC381F006A302D01D20B0B5768AE3A94, 5DCBC9F6992C62D11001EF0340CA7813BD5AA84B74C990AC6889B81DBC8B9DBA ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
18:32:43.0102 0x16c8  LENOVO.MICMUTE - ok
18:32:43.0118 0x16c8  [ 5A89EDA6545ADCB5767EB49AF0728A00, 15F28A58F1D4A013BA3763BE2578A1D22B44E664111E974F8D761ED6F15BDD32 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
18:32:43.0133 0x16c8  LENOVO.TPKNRSVC - ok
18:32:43.0149 0x16c8  [ 4E9E21789513A45FD51C7316528F4775, ADAA91DA2FBA0816A225499FD41A0A9DD92EB52EDA1C56D0A659B96F50102BAA ] LENOVO.TVTVCAM  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
18:32:43.0149 0x16c8  LENOVO.TVTVCAM - ok
18:32:43.0164 0x16c8  [ EE982F13F0957AB40992DDBC47164A76, C75AA052A8B2E5A1CBA06C32D855B74C576F2E349B8D1A4570F7E991933FEE6A ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
18:32:43.0164 0x16c8  Lenovo.VIRTSCRLSVC - ok
18:32:43.0180 0x16c8  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
18:32:43.0180 0x16c8  lfsvc - ok
18:32:43.0196 0x16c8  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
18:32:43.0196 0x16c8  lltdio - ok
18:32:43.0211 0x16c8  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
18:32:43.0211 0x16c8  lltdsvc - ok
18:32:43.0211 0x16c8  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
18:32:43.0211 0x16c8  lmhosts - ok
18:32:43.0227 0x16c8  [ 08E2B577DB95156F9A658C988EE71F5D, D229FFD97EE9478169D2418A722FD2AD6AD10108FF1B0156BE9A1ADF38B5633A ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:32:43.0243 0x16c8  LMS - ok
18:32:43.0243 0x16c8  [ 2EA350C5DA798ED5CB3F659A2844E5EF, 597FCE81D1A33C142D0C61E114955E1192C921DBFA8F26C807E91D577E6D4470 ] lnvDiscoveryWinSvc C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
18:32:43.0243 0x16c8  lnvDiscoveryWinSvc - ok
18:32:43.0243 0x16c8  [ FCF77211FAE72F3CB020A2CF51047114, FE93CD029A38B0177A3469C32774649146D18CA670C744F5A9C7B002FAC722A7 ] LnvHIDHW        C:\WINDOWS\System32\drivers\LnvHIDHW.sys
18:32:43.0243 0x16c8  LnvHIDHW - ok
18:32:43.0258 0x16c8  [ D415BA9B73E9B2270320FE53563CA5D8, D22888D548ED05C34463255EB381E223D3AF2D425CFFB0B8847C7B338A8925C9 ] LnvHotSpotSvc   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
18:32:43.0274 0x16c8  LnvHotSpotSvc - ok
18:32:43.0289 0x16c8  [ 2C756AFCEA605EED6731589F34EF2D84, F92A3071FF989DF0A7ECE96410E72F8180DE646E38A94582517F8E59D289F419 ] LocationTaskManager C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
18:32:43.0289 0x16c8  LocationTaskManager - ok
18:32:43.0305 0x16c8  [ 37DFBF0D4E4657C6AD1200A3A1C6DDF1, 6F45469D7E8803419774DBD3A05187574B15358545C8781BE3314F475C56061A ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
18:32:43.0305 0x16c8  LSCWinService - ok
18:32:43.0321 0x16c8  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
18:32:43.0321 0x16c8  LSI_SAS - ok
18:32:43.0321 0x16c8  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
18:32:43.0321 0x16c8  LSI_SAS2 - ok
18:32:43.0336 0x16c8  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
18:32:43.0336 0x16c8  LSI_SAS3 - ok
18:32:43.0336 0x16c8  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
18:32:43.0336 0x16c8  LSI_SSS - ok
18:32:43.0368 0x16c8  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
18:32:43.0383 0x16c8  LSM - ok
18:32:43.0383 0x16c8  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
18:32:43.0383 0x16c8  luafv - ok
18:32:43.0399 0x16c8  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
18:32:43.0399 0x16c8  MBAMProtector - ok
18:32:43.0430 0x16c8  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
18:32:43.0461 0x16c8  MBAMScheduler - ok
18:32:43.0508 0x16c8  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
18:32:43.0555 0x16c8  MBAMService - ok
18:32:43.0571 0x16c8  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
18:32:43.0571 0x16c8  MBAMSwissArmy - ok
18:32:43.0586 0x16c8  [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
18:32:43.0586 0x16c8  MBAMWebAccessControl - ok
18:32:43.0602 0x16c8  [ 9F09E022819AE3D5E06E3864B0C36821, DDE841E662FC2954FBBF1E3189E25D4C8F41001B3D9A6FBE35BC1999C629B7D2 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe
18:32:43.0602 0x16c8  McComponentHostService - ok
18:32:43.0602 0x16c8  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
18:32:43.0618 0x16c8  megasas - ok
18:32:43.0633 0x16c8  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
18:32:43.0649 0x16c8  megasr - ok
18:32:43.0649 0x16c8  [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64          C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
18:32:43.0665 0x16c8  MEIx64 - ok
18:32:43.0665 0x16c8  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
18:32:43.0665 0x16c8  MMCSS - ok
18:32:43.0680 0x16c8  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
18:32:43.0680 0x16c8  Modem - ok
18:32:43.0680 0x16c8  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
18:32:43.0680 0x16c8  monitor - ok
18:32:43.0696 0x16c8  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
18:32:43.0696 0x16c8  mouclass - ok
18:32:43.0696 0x16c8  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
18:32:43.0711 0x16c8  mouhid - ok
18:32:43.0711 0x16c8  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
18:32:43.0711 0x16c8  mountmgr - ok
18:32:43.0727 0x16c8  [ 3357B0E793C8C1C22B4FCD3AF7085B10, 9759DA552486D2A3EC974CDED7B226CCAB27549A5D46015912A41A7C571829E0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:32:43.0727 0x16c8  MozillaMaintenance - ok
18:32:43.0743 0x16c8  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
18:32:43.0743 0x16c8  mpsdrv - ok
18:32:43.0774 0x16c8  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
18:32:43.0789 0x16c8  MpsSvc - ok
18:32:43.0805 0x16c8  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
18:32:43.0805 0x16c8  MRxDAV - ok
18:32:43.0821 0x16c8  [ 767087A3646D01EBA4E8DDD903920BD0, 2BFB9018DBAD5805796B4F8B7E7E8094240A06657AC50C4D9287B25F49D27426 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:32:43.0836 0x16c8  mrxsmb - ok
18:32:43.0852 0x16c8  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
18:32:43.0852 0x16c8  mrxsmb10 - ok
18:32:43.0868 0x16c8  [ D5EB16B7A8FBD925E5A4F27A653E38C9, B7AADCB7F67D6D3933EB8075DC7D8A48F35D704FE8123C2D447677347DC06379 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
18:32:43.0868 0x16c8  mrxsmb20 - ok
18:32:43.0883 0x16c8  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
18:32:43.0883 0x16c8  MsBridge - ok
18:32:43.0899 0x16c8  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
18:32:43.0899 0x16c8  MSDTC - ok
18:32:43.0915 0x16c8  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:32:43.0915 0x16c8  Msfs - ok
18:32:43.0915 0x16c8  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
18:32:43.0915 0x16c8  msgpiowin32 - ok
18:32:43.0930 0x16c8  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
18:32:43.0930 0x16c8  mshidkmdf - ok
18:32:43.0930 0x16c8  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
18:32:43.0930 0x16c8  mshidumdf - ok
18:32:43.0946 0x16c8  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
18:32:43.0946 0x16c8  msisadrv - ok
18:32:43.0946 0x16c8  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
18:32:43.0961 0x16c8  MSiSCSI - ok
18:32:43.0961 0x16c8  msiserver - ok
18:32:43.0961 0x16c8  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:32:43.0961 0x16c8  MSKSSRV - ok
18:32:43.0977 0x16c8  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
18:32:43.0977 0x16c8  MsLldp - ok
18:32:43.0993 0x16c8  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:32:43.0993 0x16c8  MSPCLOCK - ok
18:32:43.0993 0x16c8  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:32:43.0993 0x16c8  MSPQM - ok
18:32:44.0008 0x16c8  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
18:32:44.0024 0x16c8  MsRPC - ok
18:32:44.0024 0x16c8  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
18:32:44.0024 0x16c8  mssmbios - ok
18:32:44.0040 0x16c8  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
18:32:44.0040 0x16c8  MSTEE - ok
18:32:44.0040 0x16c8  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
18:32:44.0040 0x16c8  MTConfig - ok
18:32:44.0055 0x16c8  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
18:32:44.0055 0x16c8  Mup - ok
18:32:44.0055 0x16c8  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
18:32:44.0055 0x16c8  mvumis - ok
18:32:44.0071 0x16c8  [ 35739E6A0C67147A9B75226946CDC903, C9DE77D6812C778F601F52E87ECDD228E52EA691AB9CEAD388998A7B5AFC3B89 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:32:44.0086 0x16c8  MyWiFiDHCPDNS - ok
18:32:44.0102 0x16c8  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
18:32:44.0118 0x16c8  napagent - ok
18:32:44.0133 0x16c8  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
18:32:44.0149 0x16c8  NativeWifiP - ok
18:32:44.0149 0x16c8  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
18:32:44.0149 0x16c8  NcaSvc - ok
18:32:44.0164 0x16c8  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
18:32:44.0164 0x16c8  NcbService - ok
18:32:44.0164 0x16c8  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
18:32:44.0180 0x16c8  NcdAutoSetup - ok
18:32:44.0196 0x16c8  [ 21FE65E2E67C4E31EE95CBD1F91C4B24, 6558F2BC10E6B09F7EE5264722FCF572B861EDB60A1433B58A4F4625EC0ABF63 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
18:32:44.0227 0x16c8  NDIS - ok
18:32:44.0227 0x16c8  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
18:32:44.0227 0x16c8  NdisCap - ok
18:32:44.0227 0x16c8  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
18:32:44.0243 0x16c8  NdisImPlatform - ok
18:32:44.0243 0x16c8  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:32:44.0243 0x16c8  NdisTapi - ok
18:32:44.0243 0x16c8  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:32:44.0243 0x16c8  Ndisuio - ok
18:32:44.0258 0x16c8  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
18:32:44.0258 0x16c8  NdisVirtualBus - ok
18:32:44.0258 0x16c8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:32:44.0274 0x16c8  NdisWan - ok
18:32:44.0274 0x16c8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:32:44.0274 0x16c8  NdisWanLegacy - ok
18:32:44.0290 0x16c8  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:32:44.0290 0x16c8  NDProxy - ok
18:32:44.0290 0x16c8  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
18:32:44.0290 0x16c8  Ndu - ok
18:32:44.0305 0x16c8  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:32:44.0305 0x16c8  NetBIOS - ok
18:32:44.0321 0x16c8  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:32:44.0321 0x16c8  NetBT - ok
18:32:44.0321 0x16c8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:32:44.0321 0x16c8  Netlogon - ok
18:32:44.0336 0x16c8  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
18:32:44.0336 0x16c8  Netman - ok
18:32:44.0352 0x16c8  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
18:32:44.0368 0x16c8  netprofm - ok
18:32:44.0383 0x16c8  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:32:44.0383 0x16c8  NetTcpPortSharing - ok
18:32:44.0383 0x16c8  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
18:32:44.0383 0x16c8  netvsc - ok
18:32:44.0493 0x16c8  [ 4014BEEE2399CB8D63AA5E8A50AA47E5, 12B1A104F2618CA4E8FD0169C2192318B1DC6ABE386139778D08FE7EBFFD49D0 ] NETwNb64        C:\WINDOWS\system32\DRIVERS\Netwbw02.sys
18:32:44.0540 0x16c8  NETwNb64 - ok
18:32:44.0680 0x16c8  [ B636B4A8E59A73033B766EA7FD7C3B81, CAC8614DEE83623DE56C969C668A33366793779084B6A23F59ADC98392115F8C ] NETwNe64        C:\WINDOWS\system32\DRIVERS\NETwew02.sys
18:32:44.0758 0x16c8  NETwNe64 - ok
18:32:44.0774 0x16c8  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
18:32:44.0790 0x16c8  NlaSvc - ok
18:32:44.0790 0x16c8  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:32:44.0790 0x16c8  Npfs - ok
18:32:44.0805 0x16c8  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
18:32:44.0805 0x16c8  npsvctrig - ok
18:32:44.0805 0x16c8  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
18:32:44.0805 0x16c8  nsi - ok
18:32:44.0805 0x16c8  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
18:32:44.0821 0x16c8  nsiproxy - ok
18:32:44.0868 0x16c8  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:32:44.0915 0x16c8  Ntfs - ok
18:32:44.0915 0x16c8  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:32:44.0915 0x16c8  Null - ok
18:32:44.0915 0x16c8  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
18:32:44.0930 0x16c8  nvraid - ok
18:32:44.0930 0x16c8  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
18:32:44.0930 0x16c8  nvstor - ok
18:32:44.0946 0x16c8  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
18:32:44.0946 0x16c8  nv_agp - ok
18:32:44.0961 0x16c8  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
18:32:44.0961 0x16c8  p2pimsvc - ok
18:32:44.0977 0x16c8  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
18:32:44.0993 0x16c8  p2psvc - ok
18:32:44.0993 0x16c8  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
18:32:44.0993 0x16c8  Parport - ok
18:32:45.0008 0x16c8  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
18:32:45.0008 0x16c8  partmgr - ok
18:32:45.0024 0x16c8  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
18:32:45.0024 0x16c8  PcaSvc - ok
18:32:45.0040 0x16c8  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
18:32:45.0055 0x16c8  pci - ok
18:32:45.0055 0x16c8  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
18:32:45.0055 0x16c8  pciide - ok
18:32:45.0055 0x16c8  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
18:32:45.0071 0x16c8  pcmcia - ok
18:32:45.0071 0x16c8  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
18:32:45.0071 0x16c8  pcw - ok
18:32:45.0112 0x16c8  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
18:32:45.0120 0x16c8  pdc - ok
18:32:45.0144 0x16c8  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
18:32:45.0156 0x16c8  PEAUTH - ok
18:32:45.0180 0x16c8  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
18:32:45.0184 0x16c8  PerfHost - ok
18:32:45.0216 0x16c8  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
18:32:45.0247 0x16c8  pla - ok
18:32:45.0247 0x16c8  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
18:32:45.0247 0x16c8  PlugPlay - ok
18:32:45.0263 0x16c8  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
18:32:45.0263 0x16c8  PNRPAutoReg - ok
18:32:45.0278 0x16c8  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
18:32:45.0278 0x16c8  PNRPsvc - ok
18:32:45.0294 0x16c8  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
18:32:45.0294 0x16c8  PolicyAgent - ok
18:32:45.0310 0x16c8  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
18:32:45.0310 0x16c8  Power - ok
18:32:45.0356 0x16c8  [ FA9A5B84900443A1309FE62F92C8A228, B915EFC84CF3A16D4EB6CB246AB6819303D871630F3E61416D4CACDF6BBA6487 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
18:32:45.0419 0x16c8  Power Manager DBC Service - ok
18:32:45.0528 0x16c8  [ 346F352E17EA5793C726D3F6582BA855, 5CD830CDCC73335EDC58D26D1BC8B8830DA885CA6D1E21BB7EE763354B5C35EA ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:32:45.0606 0x16c8  PrintNotify - ok
18:32:45.0622 0x16c8  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
18:32:45.0622 0x16c8  Processor - ok
18:32:45.0638 0x16c8  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
18:32:45.0638 0x16c8  ProfSvc - ok
18:32:45.0663 0x16c8  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
18:32:45.0667 0x16c8  Psched - ok
18:32:45.0667 0x16c8  [ EBBDF8AB6882BC042F6E66D8149AA2BD, 7803E430AEF984AE5D6C665C911B319F3EDCD40768BC69C4BD2D75999FA2BA03 ] QuickControlMasterSvc C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
18:32:45.0667 0x16c8  QuickControlMasterSvc - ok
18:32:45.0682 0x16c8  [ 6ED75B3AEEC64F8111BAB55E2D922352, C3A8588EFC57EEDE9C2D2FED9965F067AE1F152D70E02C17C2DA743200D1DFE8 ] QuickControlService C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
18:32:45.0682 0x16c8  QuickControlService - ok
18:32:45.0698 0x16c8  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
18:32:45.0714 0x16c8  QWAVE - ok
18:32:45.0714 0x16c8  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
18:32:45.0714 0x16c8  QWAVEdrv - ok
18:32:45.0729 0x16c8  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:32:45.0729 0x16c8  RasAcd - ok
18:32:45.0729 0x16c8  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:32:45.0729 0x16c8  RasAuto - ok
18:32:45.0760 0x16c8  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:32:45.0776 0x16c8  RasMan - ok
18:32:45.0776 0x16c8  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:32:45.0776 0x16c8  RasPppoe - ok
18:32:45.0792 0x16c8  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:32:45.0792 0x16c8  rdbss - ok
18:32:45.0807 0x16c8  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
18:32:45.0807 0x16c8  rdpbus - ok
18:32:45.0807 0x16c8  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
18:32:45.0823 0x16c8  RDPDR - ok
18:32:45.0823 0x16c8  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
18:32:45.0823 0x16c8  RdpVideoMiniport - ok
18:32:45.0839 0x16c8  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
18:32:45.0839 0x16c8  rdyboost - ok
18:32:45.0870 0x16c8  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
18:32:45.0885 0x16c8  ReFS - ok
18:32:45.0885 0x16c8  [ BC49E8BDBC6C1B161FDDB350CE423366, D98C7948EE36808164766DD9934C204599275BE9FCD83515F9C0153202D38C34 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:32:45.0885 0x16c8  RegSrvc - ok
18:32:45.0901 0x16c8  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:32:45.0901 0x16c8  RemoteAccess - ok
18:32:45.0917 0x16c8  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:32:45.0917 0x16c8  RemoteRegistry - ok
18:32:45.0932 0x16c8  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
18:32:45.0932 0x16c8  RFCOMM - ok
18:32:45.0948 0x16c8  [ FBA61BB4C484A01A655AFB18FF86C417, D53B2110CB09D0A909C4E330C468351BFE076BB056CCDDCB8ADA2FB91E96352E ] RichVideo64     C:\Program Files\CyberLink\Shared files\RichVideo64.exe
18:32:45.0948 0x16c8  RichVideo64 - ok
18:32:45.0964 0x16c8  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
18:32:45.0964 0x16c8  RpcEptMapper - ok
18:32:45.0964 0x16c8  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:32:45.0964 0x16c8  RpcLocator - ok
18:32:45.0979 0x16c8  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:32:45.0995 0x16c8  RpcSs - ok
18:32:46.0010 0x16c8  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:32:46.0010 0x16c8  rspndr - ok
18:32:46.0026 0x16c8  [ 9F2A38C1170594CF493283CE0B987B70, 1CE15815DD54227C3C8ED4B2E4FA09EB3EB91D55379DC286AAC7A6001850CA98 ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
18:32:46.0042 0x16c8  RTL8168 - ok
18:32:46.0057 0x16c8  [ 61EF084BB097FFAB50D05EE5115F7F98, 334E691C45A473977301DB8E8D03747388D2A2D940D3BC15493476404D801645 ] RTSPER          C:\WINDOWS\system32\DRIVERS\RtsPer.sys
18:32:46.0057 0x16c8  RTSPER - ok
18:32:46.0073 0x16c8  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
18:32:46.0073 0x16c8  s3cap - ok
18:32:46.0073 0x16c8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
18:32:46.0073 0x16c8  SamSs - ok
18:32:46.0073 0x16c8  SAService - ok
18:32:46.0089 0x16c8  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
18:32:46.0089 0x16c8  sbp2port - ok
18:32:46.0089 0x16c8  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
18:32:46.0105 0x16c8  SCardSvr - ok
18:32:46.0113 0x16c8  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
18:32:46.0113 0x16c8  ScDeviceEnum - ok
18:32:46.0113 0x16c8  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
18:32:46.0113 0x16c8  scfilter - ok
18:32:46.0152 0x16c8  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:32:46.0176 0x16c8  Schedule - ok
18:32:46.0184 0x16c8  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
18:32:46.0188 0x16c8  SCPolicySvc - ok
18:32:46.0197 0x16c8  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
18:32:46.0197 0x16c8  sdbus - ok
18:32:46.0213 0x16c8  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
18:32:46.0213 0x16c8  sdstor - ok
18:32:46.0223 0x16c8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
18:32:46.0223 0x16c8  secdrv - ok
18:32:46.0227 0x16c8  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\WINDOWS\system32\seclogon.dll
18:32:46.0231 0x16c8  seclogon - ok
18:32:46.0235 0x16c8  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\WINDOWS\System32\sens.dll
18:32:46.0239 0x16c8  SENS - ok
18:32:46.0251 0x16c8  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
18:32:46.0255 0x16c8  SensrSvc - ok
18:32:46.0263 0x16c8  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
18:32:46.0263 0x16c8  SerCx - ok
18:32:46.0271 0x16c8  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
18:32:46.0275 0x16c8  SerCx2 - ok
18:32:46.0283 0x16c8  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
18:32:46.0283 0x16c8  Serenum - ok
18:32:46.0291 0x16c8  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
18:32:46.0291 0x16c8  Serial - ok
18:32:46.0299 0x16c8  [ 96B01F117057FB4DAE0FF919ACB55770, D0F58F1CAE4F81D60FCE60BB0065A34B4F897E8105DF17B6DAA334938CD25A56 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
18:32:46.0299 0x16c8  sermouse - ok
18:32:46.0315 0x16c8  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
18:32:46.0323 0x16c8  SessionEnv - ok
18:32:46.0327 0x16c8  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
18:32:46.0327 0x16c8  sfloppy - ok
18:32:46.0343 0x16c8  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
18:32:46.0351 0x16c8  SharedAccess - ok
18:32:46.0367 0x16c8  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:32:46.0379 0x16c8  ShellHWDetection - ok
18:32:46.0391 0x16c8  [ EF92588890C3ADEE806D6EE7E3892D99, 1B2F9A18D44B42621AE2408997657F7C6D5507980F5EC5F0DDF1876EAA42A471 ] Shockprf        C:\WINDOWS\system32\DRIVERS\Apsx64.sys
18:32:46.0391 0x16c8  Shockprf - ok
18:32:46.0399 0x16c8  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
18:32:46.0399 0x16c8  SiSRaid2 - ok
18:32:46.0407 0x16c8  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
18:32:46.0407 0x16c8  SiSRaid4 - ok
18:32:46.0415 0x16c8  [ 7C5B431BB6CD52C46295D9752C1C5A45, CBC2A342F019359629B7141ADD1A5AE3E97785D39ADD398EC60F897FABDD5554 ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
18:32:46.0415 0x16c8  SmbDrvI - ok
18:32:46.0419 0x16c8  [ 208A85CDA7CD4E09E1A5E4B4499B3E13, 39FD29781C10C371DA8A66EDDF5E3A745825F0CC8A1E159C33BC7660158048D4 ] SMIDriver       C:\WINDOWS\system32\drivers\smi.sys
18:32:46.0419 0x16c8  SMIDriver - ok
18:32:46.0427 0x16c8  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\WINDOWS\System32\smphost.dll
18:32:46.0427 0x16c8  smphost - ok
18:32:46.0435 0x16c8  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
18:32:46.0435 0x16c8  SNMPTRAP - ok
18:32:46.0451 0x16c8  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
18:32:46.0459 0x16c8  spaceport - ok
18:32:46.0467 0x16c8  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
18:32:46.0467 0x16c8  SpbCx - ok
18:32:46.0487 0x16c8  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
18:32:46.0503 0x16c8  Spooler - ok
18:32:46.0651 0x16c8  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
18:32:46.0759 0x16c8  sppsvc - ok
18:32:46.0783 0x16c8  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:32:46.0791 0x16c8  srv - ok
18:32:46.0811 0x16c8  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
18:32:46.0823 0x16c8  srv2 - ok
18:32:46.0831 0x16c8  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
18:32:46.0835 0x16c8  srvnet - ok
18:32:46.0843 0x16c8  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:32:46.0851 0x16c8  SSDPSRV - ok
18:32:46.0855 0x16c8  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
18:32:46.0859 0x16c8  SstpSvc - ok
18:32:46.0867 0x16c8  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
18:32:46.0867 0x16c8  stexstor - ok
18:32:46.0879 0x16c8  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
18:32:46.0895 0x16c8  stisvc - ok
18:32:46.0895 0x16c8  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
18:32:46.0895 0x16c8  storahci - ok
18:32:46.0910 0x16c8  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
18:32:46.0910 0x16c8  storflt - ok
18:32:46.0910 0x16c8  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
18:32:46.0910 0x16c8  stornvme - ok
18:32:46.0910 0x16c8  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
18:32:46.0926 0x16c8  StorSvc - ok
18:32:46.0926 0x16c8  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
18:32:46.0926 0x16c8  storvsc - ok
18:32:46.0926 0x16c8  [ BC2CF20E9C24423FF8826C601104A4CC, E71D5070B7BA59CDC61D555FB9D8ADD178521FB186174CB522852522929D62D4 ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
18:32:46.0926 0x16c8  SUService - ok
18:32:46.0942 0x16c8  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\WINDOWS\system32\svsvc.dll
18:32:46.0942 0x16c8  svsvc - ok
18:32:46.0942 0x16c8  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
18:32:46.0942 0x16c8  swenum - ok
18:32:46.0957 0x16c8  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\WINDOWS\System32\swprv.dll
18:32:46.0973 0x16c8  swprv - ok
18:32:46.0989 0x16c8  [ 16021E640CFA11BFA5F4D789322CFC39, E7249AFD865607502A36A6EC931AA9D04185A255B568F9401D45608305DFBF83 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:32:47.0004 0x16c8  SynTP - ok
18:32:47.0035 0x16c8  [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain         C:\WINDOWS\system32\sysmain.dll
18:32:47.0067 0x16c8  SysMain - ok
18:32:47.0082 0x16c8  [ 23BECB70654B192A7E378DEE3DBD8D42, 7596174AE7508B62C40A429645198F6A420D0CD5B62A10AB78516113584E7EDB ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
18:32:47.0098 0x16c8  SystemEventsBroker - ok
18:32:47.0113 0x16c8  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
18:32:47.0113 0x16c8  TabletInputService - ok
18:32:47.0145 0x16c8  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:32:47.0145 0x16c8  TapiSrv - ok
18:32:47.0239 0x16c8  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
18:32:47.0270 0x16c8  Tcpip - ok
18:32:47.0332 0x16c8  [ 468273F7089A3A33D149955F0F203FA4, 18FD0B73FBD63550E904EE76D4323EFE163BFF8C3DC6DE67F4BE6003C7DC6879 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:32:47.0379 0x16c8  TCPIP6 - ok
18:32:47.0395 0x16c8  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
18:32:47.0395 0x16c8  tcpipreg - ok
18:32:47.0395 0x16c8  [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
18:32:47.0395 0x16c8  tdx - ok
18:32:47.0411 0x16c8  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
18:32:47.0411 0x16c8  terminpt - ok
18:32:47.0427 0x16c8  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\WINDOWS\System32\termsrv.dll
18:32:47.0458 0x16c8  TermService - ok
18:32:47.0458 0x16c8  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\WINDOWS\system32\themeservice.dll
18:32:47.0458 0x16c8  Themes - ok
18:32:47.0458 0x16c8  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
18:32:47.0474 0x16c8  THREADORDER - ok
18:32:47.0474 0x16c8  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
18:32:47.0489 0x16c8  TimeBroker - ok
18:32:47.0493 0x16c8  [ A61D61672153DFF710CA33186D2C8B18, 8A126E249D1BEB66153A958ACD2C56F8DD8D0D762F0BB035E69FCC259C0A8757 ] TPDIGIMN        C:\WINDOWS\system32\DRIVERS\ApsHM64.sys
18:32:47.0493 0x16c8  TPDIGIMN - ok
18:32:47.0501 0x16c8  [ 40492513735AED7A4357AAEC84873027, ACBD7F5A2C90866996C7DD0B69AAF6C79AFB0546A31682D8BD9E378DE2A2375C ] TPHDEXLGSVC     C:\WINDOWS\system32\TPHDEXLG64.exe
18:32:47.0501 0x16c8  TPHDEXLGSVC - ok
18:32:47.0509 0x16c8  [ 3B4250CB21F95FFA64162389106F39BA, 2461E6D335D699F837908254FDA43C789D589FE90C9592B5B43D964CFDB43F11 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
18:32:47.0509 0x16c8  TPHKLOAD - ok
18:32:47.0521 0x16c8  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
18:32:47.0521 0x16c8  TPM - ok
18:32:47.0521 0x16c8  [ A9EF6C7E62DC3B01C51CFB92C1596C62, 432335FDA5DF9FF8C9B86767980A07C720E7158D5362E40D3A745817D4275A07 ] TPPWRIF         C:\WINDOWS\system32\drivers\Tppwr64v.sys
18:32:47.0521 0x16c8  TPPWRIF - ok
18:32:47.0537 0x16c8  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
18:32:47.0537 0x16c8  TrkWks - ok
18:32:47.0537 0x16c8  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
18:32:47.0537 0x16c8  TrustedInstaller - ok
18:32:47.0552 0x16c8  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
18:32:47.0552 0x16c8  TsUsbFlt - ok
18:32:47.0561 0x16c8  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
18:32:47.0561 0x16c8  TsUsbGD - ok
18:32:47.0573 0x16c8  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
18:32:47.0577 0x16c8  tunnel - ok
18:32:47.0581 0x16c8  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
18:32:47.0586 0x16c8  uagp35 - ok
18:32:47.0593 0x16c8  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
18:32:47.0598 0x16c8  UASPStor - ok
18:32:47.0609 0x16c8  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
18:32:47.0613 0x16c8  UCX01000 - ok
18:32:47.0634 0x16c8  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
18:32:47.0642 0x16c8  udfs - ok
18:32:47.0650 0x16c8  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
18:32:47.0650 0x16c8  UEFI - ok
18:32:47.0670 0x16c8  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
18:32:47.0670 0x16c8  UI0Detect - ok
18:32:47.0678 0x16c8  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
18:32:47.0682 0x16c8  uliagpkx - ok
18:32:47.0686 0x16c8  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
18:32:47.0686 0x16c8  umbus - ok
18:32:47.0690 0x16c8  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
18:32:47.0694 0x16c8  UmPass - ok
18:32:47.0702 0x16c8  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
18:32:47.0710 0x16c8  UmRdpService - ok
18:32:47.0726 0x16c8  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:32:47.0734 0x16c8  upnphost - ok
18:32:47.0746 0x16c8  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
18:32:47.0750 0x16c8  usbccgp - ok
18:32:47.0758 0x16c8  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
18:32:47.0762 0x16c8  usbcir - ok
18:32:47.0766 0x16c8  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
18:32:47.0770 0x16c8  usbehci - ok
18:32:47.0786 0x16c8  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
18:32:47.0794 0x16c8  usbhub - ok
18:32:47.0813 0x16c8  [ FAA564A13576F9284546BF016D27B551, 1D2CD13DC0B02DD40657EE4F93F4A13C78D2F2EF91685E563D78E217C96DF544 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
18:32:47.0821 0x16c8  USBHUB3 - ok
18:32:47.0829 0x16c8  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
18:32:47.0829 0x16c8  usbohci - ok
18:32:47.0837 0x16c8  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
18:32:47.0837 0x16c8  usbprint - ok
18:32:47.0845 0x16c8  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
18:32:47.0849 0x16c8  USBSTOR - ok
18:32:47.0853 0x16c8  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
18:32:47.0857 0x16c8  usbuhci - ok
18:32:47.0869 0x16c8  [ 5C8F604F6DC74177CDD8372D7B1ADFF0, C1DE9A37A7A01CCCBFCE13C1E5B26683F620AB21EDA5A14C82022E2F49C84484 ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
18:32:47.0869 0x16c8  usbvideo - ok
18:32:47.0885 0x16c8  [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
18:32:47.0889 0x16c8  USBXHCI - ok
18:32:47.0897 0x16c8  [ 77E93FF16910B5EB65FF60E1F013D600, D1DD42B6015D504969413821D7FBBEA45EE14395E1C0B0A75EA3131991A2A1D0 ] valWBFPolicyService C:\WINDOWS\System32\valWBFPolicyService.exe
18:32:47.0897 0x16c8  valWBFPolicyService - ok
18:32:47.0905 0x16c8  [ 1DD9408AE63DEF517A919E7D66C62452, C653EE90A1087B1E7C3BA1B5F74BCDCC92264016702B1221DEA8673906831685 ] valWbioSyncSvc  C:\windows\system32\valWbioSyncSvc.exe
18:32:47.0905 0x16c8  valWbioSyncSvc - ok
18:32:47.0913 0x16c8  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
18:32:47.0913 0x16c8  VaultSvc - ok
18:32:47.0921 0x16c8  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
18:32:47.0925 0x16c8  vdrvroot - ok
18:32:47.0957 0x16c8  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
18:32:47.0981 0x16c8  vds - ok
18:32:47.0989 0x16c8  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
18:32:47.0993 0x16c8  VerifierExt - ok
18:32:48.0010 0x16c8  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
18:32:48.0022 0x16c8  vhdmp - ok
18:32:48.0026 0x16c8  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
18:32:48.0026 0x16c8  viaide - ok
18:32:48.0060 0x16c8  [ D339DF97110C5E2C01FA191787E60CA0, 0798E9CB36BFC439CF536870E9B7594491D6027DC3FA89779B322761C1B8372D ] vm331avs        C:\WINDOWS\System32\Drivers\vm331avs.sys
18:32:48.0076 0x16c8  vm331avs - ok
18:32:48.0088 0x16c8  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
18:32:48.0088 0x16c8  vmbus - ok
18:32:48.0092 0x16c8  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
18:32:48.0092 0x16c8  VMBusHID - ok
18:32:48.0112 0x16c8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
18:32:48.0120 0x16c8  vmicguestinterface - ok
18:32:48.0136 0x16c8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
18:32:48.0149 0x16c8  vmicheartbeat - ok
18:32:48.0161 0x16c8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
18:32:48.0173 0x16c8  vmickvpexchange - ok
18:32:48.0188 0x16c8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
18:32:48.0197 0x16c8  vmicrdv - ok
18:32:48.0213 0x16c8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
18:32:48.0221 0x16c8  vmicshutdown - ok
18:32:48.0237 0x16c8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
18:32:48.0245 0x16c8  vmictimesync - ok
18:32:48.0261 0x16c8  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
18:32:48.0269 0x16c8  vmicvss - ok
18:32:48.0277 0x16c8  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
18:32:48.0281 0x16c8  volmgr - ok
18:32:48.0297 0x16c8  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
18:32:48.0305 0x16c8  volmgrx - ok
18:32:48.0317 0x16c8  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
18:32:48.0321 0x16c8  volsnap - ok
18:32:48.0330 0x16c8  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
18:32:48.0330 0x16c8  vpci - ok
18:32:48.0338 0x16c8  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
18:32:48.0342 0x16c8  vsmraid - ok
18:32:48.0375 0x16c8  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
18:32:48.0399 0x16c8  VSS - ok
18:32:48.0415 0x16c8  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
18:32:48.0419 0x16c8  VSTXRAID - ok
18:32:48.0423 0x16c8  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
18:32:48.0427 0x16c8  vwifibus - ok
18:32:48.0431 0x16c8  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
18:32:48.0431 0x16c8  vwififlt - ok
18:32:48.0439 0x16c8  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
18:32:48.0439 0x16c8  vwifimp - ok
18:32:48.0451 0x16c8  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
18:32:48.0459 0x16c8  W32Time - ok
18:32:48.0467 0x16c8  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
18:32:48.0467 0x16c8  WacomPen - ok
18:32:48.0503 0x16c8  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
18:32:48.0531 0x16c8  wbengine - ok
18:32:48.0547 0x16c8  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
18:32:48.0555 0x16c8  WbioSrvc - ok
18:32:48.0571 0x16c8  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
18:32:48.0575 0x16c8  Wcmsvc - ok
18:32:48.0591 0x16c8  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
18:32:48.0599 0x16c8  wcncsvc - ok
18:32:48.0607 0x16c8  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
18:32:48.0607 0x16c8  WcsPlugInService - ok
18:32:48.0615 0x16c8  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
18:32:48.0615 0x16c8  WdBoot - ok
18:32:48.0639 0x16c8  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
18:32:48.0643 0x16c8  Wdf01000 - ok
18:32:48.0659 0x16c8  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
18:32:48.0659 0x16c8  WdFilter - ok
18:32:48.0675 0x16c8  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
18:32:48.0675 0x16c8  WdiServiceHost - ok
18:32:48.0675 0x16c8  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
18:32:48.0675 0x16c8  WdiSystemHost - ok
18:32:48.0690 0x16c8  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
18:32:48.0690 0x16c8  WdNisDrv - ok
18:32:48.0690 0x16c8  WdNisSvc - ok
18:32:48.0706 0x16c8  [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient       C:\WINDOWS\System32\webclnt.dll
18:32:48.0706 0x16c8  WebClient - ok
18:32:48.0706 0x16c8  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
18:32:48.0722 0x16c8  Wecsvc - ok
18:32:48.0722 0x16c8  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
18:32:48.0722 0x16c8  WEPHOSTSVC - ok
18:32:48.0737 0x16c8  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
18:32:48.0737 0x16c8  wercplsupport - ok
18:32:48.0737 0x16c8  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
18:32:48.0737 0x16c8  WerSvc - ok
18:32:48.0753 0x16c8  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
18:32:48.0753 0x16c8  WFPLWFS - ok
18:32:48.0753 0x16c8  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
18:32:48.0768 0x16c8  WiaRpc - ok
18:32:48.0768 0x16c8  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
18:32:48.0768 0x16c8  WIMMount - ok
18:32:48.0768 0x16c8  WinDefend - ok
18:32:48.0800 0x16c8  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
18:32:48.0815 0x16c8  WinHttpAutoProxySvc - ok
18:32:48.0815 0x16c8  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
18:32:48.0831 0x16c8  Winmgmt - ok
18:32:48.0878 0x16c8  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
18:32:48.0925 0x16c8  WinRM - ok
18:32:48.0940 0x16c8  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUSB.sys
18:32:48.0940 0x16c8  WinUsb - ok
18:32:48.0972 0x16c8  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
18:32:49.0003 0x16c8  WlanSvc - ok
18:32:49.0050 0x16c8  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
18:32:49.0065 0x16c8  wlidsvc - ok
18:32:49.0081 0x16c8  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
18:32:49.0081 0x16c8  WmiAcpi - ok
18:32:49.0097 0x16c8  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
18:32:49.0097 0x16c8  wmiApSrv - ok
18:32:49.0097 0x16c8  WMPNetworkSvc - ok
18:32:49.0097 0x16c8  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
18:32:49.0112 0x16c8  Wof - ok
18:32:49.0143 0x16c8  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
18:32:49.0175 0x16c8  workfolderssvc - ok
18:32:49.0175 0x16c8  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
18:32:49.0175 0x16c8  wpcfltr - ok
18:32:49.0190 0x16c8  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
18:32:49.0190 0x16c8  WPCSvc - ok
18:32:49.0190 0x16c8  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
18:32:49.0190 0x16c8  WPDBusEnum - ok
18:32:49.0206 0x16c8  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
18:32:49.0206 0x16c8  WpdUpFltr - ok
18:32:49.0206 0x16c8  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
18:32:49.0206 0x16c8  ws2ifsl - ok
18:32:49.0222 0x16c8  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
18:32:49.0222 0x16c8  wscsvc - ok
18:32:49.0222 0x16c8  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
18:32:49.0222 0x16c8  WSDPrintDevice - ok
18:32:49.0237 0x16c8  [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan         C:\WINDOWS\System32\drivers\WSDScan.sys
18:32:49.0237 0x16c8  WSDScan - ok
18:32:49.0237 0x16c8  WSearch - ok
18:32:49.0300 0x16c8  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
18:32:49.0362 0x16c8  WSService - ok
18:32:49.0440 0x16c8  [ 688DAAE720E39DA86822785195646663, DB6E0F89496BB74EDF8378E6AE06364B19249701F6ACD176A0DCA1951E81A63D ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
18:32:49.0503 0x16c8  wuauserv - ok
18:32:49.0518 0x16c8  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
18:32:49.0518 0x16c8  WudfPf - ok
18:32:49.0534 0x16c8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
18:32:49.0534 0x16c8  WUDFRd - ok
18:32:49.0550 0x16c8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
18:32:49.0550 0x16c8  WUDFSensorLP - ok
18:32:49.0550 0x16c8  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
18:32:49.0565 0x16c8  wudfsvc - ok
18:32:49.0565 0x16c8  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
18:32:49.0565 0x16c8  WUDFWpdFs - ok
18:32:49.0581 0x16c8  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
18:32:49.0597 0x16c8  WwanSvc - ok
18:32:49.0675 0x16c8  [ C3FFB098C24A82B61E1818C3BB978B48, C7BC57A8D549B7478052F05FD0B4C623F1B70187358FD3CB5A7E9B5092FBD75F ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
18:32:49.0737 0x16c8  ZeroConfigService - ok
18:32:49.0768 0x16c8  ================ Scan global ===============================
18:32:49.0768 0x16c8  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\WINDOWS\system32\basesrv.dll
18:32:49.0768 0x16c8  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
18:32:49.0784 0x16c8  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
18:32:49.0800 0x16c8  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
18:32:49.0800 0x16c8  [ Global ] - ok
18:32:49.0800 0x16c8  ================ Scan MBR ==================================
18:32:49.0815 0x16c8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:32:49.0815 0x16c8  \Device\Harddisk0\DR0 - ok
18:32:49.0815 0x16c8  ================ Scan VBR ==================================
18:32:49.0815 0x16c8  [ 57255BBAAC22B0A839E5D5CF2DAB35A2 ] \Device\Harddisk0\DR0\Partition1
18:32:49.0831 0x16c8  \Device\Harddisk0\DR0\Partition1 - ok
18:32:49.0831 0x16c8  [ B46C4A5ED519E015443785222A0D6FDC ] \Device\Harddisk0\DR0\Partition2
18:32:49.0831 0x16c8  \Device\Harddisk0\DR0\Partition2 - ok
18:32:49.0831 0x16c8  [ 52A8E4C63C8CE6835A94C2D9C7993733 ] \Device\Harddisk0\DR0\Partition3
18:32:49.0831 0x16c8  \Device\Harddisk0\DR0\Partition3 - ok
18:32:49.0847 0x16c8  [ 28A34A45C7CCCAF80155F4357724DDB6 ] \Device\Harddisk0\DR0\Partition4
18:32:49.0847 0x16c8  \Device\Harddisk0\DR0\Partition4 - ok
18:32:49.0847 0x16c8  [ 5505082F0FD8BF10091208F81E2D7CBD ] \Device\Harddisk0\DR0\Partition5
18:32:49.0862 0x16c8  \Device\Harddisk0\DR0\Partition5 - ok
18:32:49.0862 0x16c8  ================ Scan generic autorun ======================
18:32:49.0878 0x16c8  [ 8AA02F53CCC3E22C1051C3287D33C527, F3B3A0799C69D62946AD049E927F5E57B6100AF9C6711B0A5198A4DF8724DD6E ] C:\windows\system32\igfxtray.exe
18:32:49.0893 0x16c8  IgfxTray - ok
18:32:49.0940 0x16c8  [ D13B7F1EC7B22EC5487C57C1865E54D6, FE60FA124446766D88EE11E9D26C23EA4C8BC63C359A38C9023D18FE2B9A28CA ] C:\windows\system32\hkcmd.exe
18:32:49.0972 0x16c8  HotKeysCmds - ok
18:32:50.0003 0x16c8  [ 7F3252749B9C6934D032B986EB04B1A1, 4A6DE9367680DD8B88CBD3EB86E1778E8745E33FD526CA78C54EEDA036560D34 ] C:\windows\system32\igfxpers.exe
18:32:50.0018 0x16c8  Persistence - ok
18:32:50.0034 0x16c8  [ F07CCCED7A7F483305011C24ED41E313, 2141C594AB45F8172DCB6A6EEC5134D2DAC136A5AF5A34BF8EEC820FF0266A63 ] C:\Program Files\Lenovo\HOTKEY\extapsup.exe
18:32:50.0050 0x16c8  LenovoOptMouseUpdate - ok
18:32:50.0050 0x16c8  BTMTrayAgent - ok
18:32:50.0081 0x16c8  [ 7C3CD9D9B2C1336D5FEABD6EC06316F5, F68714C3697E1882D6FA5D822D99559FF07B2E2E6979E44EA104F56B93F7853F ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
18:32:50.0097 0x16c8  cAudioFilterAgent - ok
18:32:50.0112 0x16c8  [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
18:32:50.0112 0x16c8  ForteConfig - ok
18:32:50.0206 0x16c8  [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
18:32:50.0284 0x16c8  SmartAudio - ok
18:32:50.0300 0x16c8  [ 08593F82008D1524079C7CEA3D7F28F4, D6FF1875593D2BFFC137F9AD91C7A77916B83631B1D0BB97FF826F77D139B892 ] C:\WINDOWS\system32\TpShocks.exe
18:32:50.0315 0x16c8  TpShocks - ok
18:32:50.0362 0x16c8  [ 380620D8B873D1DDDF02602C31632597, 0E3C96550BB2F8501718CFDB8EEC228804283C3403E816173CA4D245521338DB ] C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
18:32:50.0409 0x16c8  LnvMobHotspotClient - ok
18:32:50.0425 0x16c8  [ C484B02BF40E68EA2F58A5148B5A79A4, E3F2495711D8DE16BE031BD6BD36AC37602E00C6AB75615DF377C91C1CF2235C ] C:\WINDOWS\SysWOW64\lmcfrundll.exe
18:32:50.0425 0x16c8  LMCSSTART1 - ok
18:32:50.0440 0x16c8  [ C484B02BF40E68EA2F58A5148B5A79A4, E3F2495711D8DE16BE031BD6BD36AC37602E00C6AB75615DF377C91C1CF2235C ] C:\WINDOWS\SysWOW64\lmcfrundll.exe
18:32:50.0440 0x16c8  LMCSSTART2 - ok
18:32:50.0440 0x16c8  [ C484B02BF40E68EA2F58A5148B5A79A4, E3F2495711D8DE16BE031BD6BD36AC37602E00C6AB75615DF377C91C1CF2235C ] C:\WINDOWS\SysWOW64\lmcfrundll.exe
18:32:50.0440 0x16c8  LMCSSTART3 - ok
18:32:50.0456 0x16c8  [ 889E56C58F5AC4242E395E3AD5F7780C, 35AA891112BE86C28C6AF8DF44BFEE342BAB7BDA877917C9B6466204091B9ADE ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
18:32:50.0456 0x16c8  Classic Start Menu - ok
18:32:50.0456 0x16c8  [ 3AC269FDBF84B8BE16D5EBAD1F373550, 9EEEFB96D7940816C681968ABA15F7E05DFF4D5D29B93BF5E9D5D3F8475C0DF2 ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
18:32:50.0472 0x16c8  IMSS - ok
18:32:50.0487 0x16c8  [ FA6220C7FDF2D94CFF82D45B72E5C929, C3E414388F8818EC4B3BEABC8ED16DE6CBF965A6603328A45AD6D9A1808F3E55 ] C:\Program Files (x86)\USB Camera\VM331STI.EXE
18:32:50.0503 0x16c8  331BigDog - ok
18:32:50.0503 0x16c8  Waiting for KSN requests completion. In queue: 363
18:32:51.0518 0x16c8  Waiting for KSN requests completion. In queue: 363
18:32:52.0534 0x16c8  Waiting for KSN requests completion. In queue: 55
18:32:53.0531 0x1724  Object required for P2P: [ 889E56C58F5AC4242E395E3AD5F7780C ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
18:32:53.0547 0x16c8  Waiting for KSN requests completion. In queue: 3
18:32:54.0562 0x16c8  Waiting for KSN requests completion. In queue: 3
18:32:55.0578 0x16c8  Waiting for KSN requests completion. In queue: 3
18:32:56.0281 0x1724  Object send P2P result: true
18:32:56.0672 0x16c8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x61100 ( enabled : updated )
18:32:56.0703 0x16c8  Win FW state via NFP2: enabled ( trusted )
18:32:59.0577 0x16c8  ============================================================
18:32:59.0577 0x16c8  Scan finished
18:32:59.0577 0x16c8  ============================================================
18:32:59.0592 0x1738  Detected object count: 0
18:32:59.0592 0x1738  Actual detected object count: 0

M-K-D-B · 19.03.2016, 23:17

Servus,

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
Hosts: 0.0.0.1	mssplus.mcafee.com
Tcpip\..\Interfaces\{013EA3FE-019E-4995-B068-4399A10F735A}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{475A88DF-E6F3-43DC-A187-E822B6F2884F}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{822EC8C9-51FF-4F99-9A55-6DB6B298CE91}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{DA56E7A7-3C80-4F6B-841E-41C7392344DB}: [DhcpNameServer] 82.163.143.171
SearchScopes: HKU\S-1-5-21-331516496-3851143654-2456111117-1001 -> DefaultScope {E62BFBAE-43EE-4CF5-BD6E-423F055F1485} URL = 
SearchScopes: HKU\S-1-5-21-331516496-3851143654-2456111117-1001 -> {E62BFBAE-43EE-4CF5-BD6E-423F055F1485} URL =
C:\Users\Hein\Downloads\ReimageRepair.exe
Task: {49101344-6C76-46D5-A5F2-776A4831F494} - System32\Tasks\Diner Browser => Rundll32.exe "C:\Users\Hein\AppData\Local\Diner Browser\{7420D55C-28E9-72F7-ABB0-767FACF2478B}\DinerBrowser.dll",#1 <==== ATTENTION
C:\Users\Hein\AppData\Local\Diner Browser
Task: {513819BA-6109-4CF9-B53B-81A9330851A2} - System32\Tasks\Diner Browser2 => Rundll32.exe "C:\Users\Hein\AppData\Local\Diner Browser\{7420D55C-28E9-72F7-ABB0-767FACF2478B}\vqelekf.dll",#1 <==== ATTENTION
AlternateDataStreams: C:\Users\Hein\Downloads\Classic Shell - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\FreeCAD - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Microsoft Rechner Plus - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\OpenOffice - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Setup.X86.nb-NO_HomeStudentRetail_18f91a2b-0c0f-4b6e-b2b2-db75bb097d82_TX_DB_.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Support-LogMeInRescue (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Support-LogMeInRescue.exe:BDU [0]
Hosts: 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:regfind
Diner Browser
Reimage
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 3

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von SystemLook,
die beiden neuen Logdateien von FRST.

syldron · 19.03.2016, 23:54

ok, als ich eben den laptop wieder gestartet habe ging erst mal wieder gar nix mehr. Heute nachmittag ging es, auch wenn halt die ganze Zeit zugrifsversuche angezeigt wurden. Eben dann war wieder alles voll mit reimage popups und vielen tabs die sich geøffnet haben. Aber ich hab mich durchgewurstelt und Punkt 1 der anleitung durchgeführt. Schon jetzt sehe ich eine deutliche verbesserung! Danke!

Hier kommt fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Hein (2016-03-19 23:41:03) Run:1
Running from C:\Users\Hein\Desktop
Loaded Profiles: Hein (Available Profiles: Hein & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
Hosts: 0.0.0.1	mssplus MCAFEE.com
Tcpip\..\Interfaces\{013EA3FE-019E-4995-B068-4399A10F735A}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{475A88DF-E6F3-43DC-A187-E822B6F2884F}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{822EC8C9-51FF-4F99-9A55-6DB6B298CE91}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{DA56E7A7-3C80-4F6B-841E-41C7392344DB}: [DhcpNameServer] 82.163.143.171
SearchScopes: HKU\S-1-5-21-331516496-3851143654-2456111117-1001 -> DefaultScope {E62BFBAE-43EE-4CF5-BD6E-423F055F1485} URL = 
SearchScopes: HKU\S-1-5-21-331516496-3851143654-2456111117-1001 -> {E62BFBAE-43EE-4CF5-BD6E-423F055F1485} URL =
C:\Users\Hein DOWNLOADS\ReimageRepair.exe
Task: {49101344-6C76-46D5-A5F2-776A4831F494} - System32\Tasks\Diner Browser => Rundll32.exe "C:\Users\Hein\AppData\Local\Diner Browser\{7420D55C-28E9-72F7-ABB0-767FACF2478B}\DinerBrowser.dll",#1 <==== ATTENTION
C:\Users\Hein\AppData\Local\Diner Browser
Task: {513819BA-6109-4CF9-B53B-81A9330851A2} - System32\Tasks\Diner Browser2 => Rundll32.exe "C:\Users\Hein\AppData\Local\Diner Browser\{7420D55C-28E9-72F7-ABB0-767FACF2478B}\vqelekf.dll",#1 <==== ATTENTION
AlternateDataStreams: C:\Users\Hein DOWNLOADS\Classic Shell - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\FreeCAD - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Microsoft Rechner Plus - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\OpenOffice - CHIP-Installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Setup.X86.nb-NO_HomeStudentRetail_18f91a2b-0c0f-4b6e-b2b2-db75bb097d82_TX_DB_.exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Support-LogMeInRescue (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hein\Downloads\Support-LogMeInRescue.exe:BDU [0]
Hosts: 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{013EA3FE-019E-4995-B068-4399A10F735A}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{475A88DF-E6F3-43DC-A187-E822B6F2884F}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{822EC8C9-51FF-4F99-9A55-6DB6B298CE91}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DA56E7A7-3C80-4F6B-841E-41C7392344DB}\\DhcpNameServer => value removed successfully
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-331516496-3851143654-2456111117-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E62BFBAE-43EE-4CF5-BD6E-423F055F1485}" => key removed successfully
HKCR\CLSID\{E62BFBAE-43EE-4CF5-BD6E-423F055F1485} => key not found. 
"C:\Users\Hein DOWNLOADS\ReimageRepair.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49101344-6C76-46D5-A5F2-776A4831F494}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49101344-6C76-46D5-A5F2-776A4831F494}" => key removed successfully
C:\WINDOWS\System32\Tasks\Diner Browser => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Diner Browser" => key removed successfully
"C:\Users\Hein\AppData\Local\Diner Browser" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{513819BA-6109-4CF9-B53B-81A9330851A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{513819BA-6109-4CF9-B53B-81A9330851A2}" => key removed successfully
C:\WINDOWS\System32\Tasks\Diner Browser2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Diner Browser2" => key removed successfully
"C:\Users\Hein DOWNLOADS\Classic Shell - CHIP-Installer.exe" => ":BDU" ADS not found.
C:\Users\Hein\Downloads\FreeCAD - CHIP-Installer.exe => ":BDU" ADS removed successfully.
C:\Users\Hein\Downloads\Microsoft Rechner Plus - CHIP-Installer.exe => ":BDU" ADS removed successfully.
C:\Users\Hein\Downloads\OpenOffice - CHIP-Installer.exe => ":BDU" ADS removed successfully.
C:\Users\Hein\Downloads\Setup.X86.nb-NO_HomeStudentRetail_18f91a2b-0c0f-4b6e-b2b2-db75bb097d82_TX_DB_.exe => ":BDU" ADS removed successfully.
C:\Users\Hein\Downloads\Support-LogMeInRescue (1).exe => ":BDU" ADS removed successfully.
C:\Users\Hein\Downloads\Support-LogMeInRescue.exe => ":BDU" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

EmptyTemp: => 728.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 23:41:09 ====

jetzt mache ich weiter mit punkt 2

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 23:48 on 19/03/2016 by Hein
Administrator - Elevation successful

========== regfind ==========

Searching for "Diner Browser"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{06B1F0DF-FD0A-18D1-20FD-BAEB7FF07781}]
@="267EBE0618BA8C9AE05B3A44D5082D10 8249760172d19e3bb000c6debaf1326f 44B07F16E8A9304F9A19B7FCCA536E65 "Diner Browser" "Rush Download corp" "vqelekf" 0 "DinerBrowser" 003347"
[HKEY_USERS\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Classes\Wow6432Node\CLSID\{06B1F0DF-FD0A-18D1-20FD-BAEB7FF07781}]
@="267EBE0618BA8C9AE05B3A44D5082D10 8249760172d19e3bb000c6debaf1326f 44B07F16E8A9304F9A19B7FCCA536E65 "Diner Browser" "Rush Download corp" "vqelekf" 0 "DinerBrowser" 003347"
[HKEY_USERS\S-1-5-21-331516496-3851143654-2456111117-1001_Classes\Wow6432Node\CLSID\{06B1F0DF-FD0A-18D1-20FD-BAEB7FF07781}]
@="267EBE0618BA8C9AE05B3A44D5082D10 8249760172d19e3bb000c6debaf1326f 44B07F16E8A9304F9A19B7FCCA536E65 "Diner Browser" "Rush Download corp" "vqelekf" 0 "DinerBrowser" 003347"

Searching for "Reimage"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\CLSID\{8fd0f62a-6e71-4bb9-859b-eefbd704609b}]
"ActivatableClassId"="D3DCaptureTrackerComponent.D3DCaptureImageSource"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\Microsoft.MoCamera_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy\ActivatableClassId\D3DCaptureTrackerComponent.D3DCaptureImageSource]

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="4.0"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>                     </Reso
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="1209600" RunAsUser="" RunAsPassword="" AutoRestart="false"     Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="4.0"/>                     <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>                     <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/>                     <Param Name="SessionConfigurationData"                          Value="                       
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Architecture="32" Enabled="true" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="4.0"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                 

-= EOF =-

und hier kommt punkt 3

FRST.txt

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Hein (administrator) on RECHENSCHLAMPE (19-03-2016 23:51:09)
Running from C:\Users\Hein\Desktop
Loaded Profiles: Hein (Available Profiles: Hein & Administrator)
Platform: Windows 8.1 (X64) Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics Incorporated\SynFP\Shared\SensorDBSynch.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
() C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [938032 2014-03-06] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ThinkPad OneLink Dock Management.lnk [2014-12-20]
ShortcutTarget: ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{013EA3FE-019E-4995-B068-4399A10F735A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2F0BE758-366B-4C4D-83DD-22E4910B970E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2F0BE758-366B-4C4D-83DD-22E4910B970E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-30]
CHR Extension: (Google Docs) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-30]
CHR Extension: (Google Drive) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-30]
CHR Extension: (YouTube) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-30]
CHR Extension: (Adblock Plus) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-18]
CHR Extension: (Google-Suche) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (Google Tabellen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-30]
CHR Extension: (Google Mail) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-21] (Lenovo Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2013-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016472 2015-01-23] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-21] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474160 2014-03-06] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-09] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [327152 2014-06-12] (Lenovo Group Limited)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 valWBFPolicyService; C:\Windows\System32\valWBFPolicyService.exe [47504 2014-06-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\windows\system32\valWbioSyncSvc.exe [32256 2014-06-25] (Synaptics Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-30] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77456 2013-08-19] (Intel Corporation)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3440096 2014-04-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19760 2014-06-13] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-19 23:48 - 2016-03-19 23:49 - 00009166 _____ C:\Users\Hein\Desktop\SystemLook.txt
2016-03-19 23:47 - 2016-03-19 23:47 - 00165376 _____ C:\Users\Hein\Desktop\SystemLook_x64.exe
2016-03-19 23:38 - 2016-03-19 23:41 - 00006426 _____ C:\Users\Hein\Desktop\Fixlog.txt
2016-03-19 18:32 - 2016-03-19 18:36 - 00235584 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_18.32.26_log.txt
2016-03-19 18:31 - 2016-03-19 18:31 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Hein\Desktop\tdsskiller.exe
2016-03-19 18:27 - 2016-03-19 18:27 - 00029833 _____ C:\Users\Hein\Desktop\Addition.txt
2016-03-19 18:26 - 2016-03-19 23:51 - 00019526 _____ C:\Users\Hein\Desktop\FRST.txt
2016-03-19 18:26 - 2016-03-19 23:51 - 00000000 ____D C:\FRST
2016-03-19 18:25 - 2016-03-19 18:25 - 02374144 _____ (Farbar) C:\Users\Hein\Desktop\FRST64.exe
2016-03-19 12:28 - 2016-03-19 12:28 - 00000000 ____D C:\Users\Hein\AppData\Local\CEF
2016-03-18 18:00 - 2016-03-18 18:00 - 00001291 _____ C:\Users\Hein\Desktop\Revo Uninstaller.lnk
2016-03-18 18:00 - 2016-03-18 18:00 - 00000000 ____D C:\Users\Hein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-18 18:00 - 2016-03-18 18:00 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-03-18 17:54 - 2016-03-19 18:08 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-18 17:14 - 2016-03-18 17:15 - 00772016 _____ (Reimage®) C:\Users\Hein\Downloads\ReimageRepair.exe
2016-03-18 17:04 - 2016-03-18 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-03-18 17:04 - 2016-03-18 17:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-03-18 16:34 - 2016-03-18 17:04 - 00001991 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-03-18 16:34 - 2016-03-18 16:42 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-18 16:34 - 2016-03-18 16:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-18 16:34 - 2016-03-18 16:34 - 00002078 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-18 16:34 - 2016-03-18 16:34 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-18 16:34 - 2016-03-18 16:34 - 00000000 ____D C:\ProgramData\McAfee
2016-03-15 18:24 - 2016-03-19 23:41 - 00000000 ____D C:\Users\Hein\AppData\LocalLow\Temp
2016-03-11 09:35 - 2016-03-11 09:35 - 00000000 _____ C:\Users\Hein\Downloads\Download (1)
2016-03-11 09:35 - 2016-03-11 09:35 - 00000000 _____ C:\Users\Hein\Downloads\Download
2016-03-07 22:35 - 2016-03-18 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\Users\Hein\Documents\My PDFill
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\ProgramData\PlotSoft
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-03-07 22:05 - 2016-03-07 22:05 - 00970154 _____ C:\Users\Hein\Downloads\membercard_48970.pdf
2016-03-07 22:04 - 2016-03-07 22:04 - 00016985 _____ C:\Users\Hein\Downloads\faktura41614.pdf
2016-03-03 18:34 - 2016-03-03 18:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-02-29 21:12 - 2016-03-17 21:04 - 00000000 ____D C:\Users\Hein\AppData\Local\CrashDumps
2016-02-25 21:55 - 2016-02-25 21:55 - 00115402 _____ C:\Users\Hein\Downloads\tickets_19535452.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-19 23:50 - 2014-12-20 00:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-03-19 23:47 - 2015-11-26 19:19 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-331516496-3851143654-2456111117-1001
2016-03-19 23:47 - 2014-12-20 00:28 - 00449910 _____ C:\WINDOWS\system32\perfh014.dat
2016-03-19 23:47 - 2014-12-20 00:28 - 00077052 _____ C:\WINDOWS\system32\perfc014.dat
2016-03-19 23:47 - 2014-03-18 10:53 - 01377824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-19 23:47 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-19 23:42 - 2015-12-30 09:32 - 00000322 _____ C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon.job
2016-03-19 23:42 - 2015-12-30 09:32 - 00000296 _____ C:\WINDOWS\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon).job
2016-03-19 23:42 - 2015-12-26 00:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-19 23:42 - 2015-12-25 16:49 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-19 23:42 - 2015-04-29 15:09 - 00000000 ___DO C:\Users\Hein\OneDrive
2016-03-19 23:41 - 2014-12-20 00:27 - 00000000 ____D C:\ProgramData\Validity
2016-03-19 23:41 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-19 23:41 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-19 20:05 - 2015-12-25 16:49 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-19 18:23 - 2015-12-25 16:56 - 00000000 ____D C:\Users\Hein\AppData\Local\ClassicShell
2016-03-19 01:43 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-19 01:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-19 01:05 - 2015-12-25 16:50 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-19 01:05 - 2015-12-25 16:50 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-18 18:16 - 2014-12-20 00:22 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-03-18 18:06 - 2015-11-26 19:25 - 00000000 ____D C:\Users\Hein\AppData\Local\Adobe
2016-03-18 16:39 - 2014-12-20 00:24 - 00000000 ____D C:\ProgramData\Adobe
2016-03-18 16:38 - 2015-11-26 19:13 - 00000000 ____D C:\Users\Hein\AppData\Roaming\Adobe
2016-03-18 16:34 - 2014-12-20 00:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-18 13:38 - 2015-11-26 19:06 - 00000000 ____D C:\Users\Hein
2016-03-18 13:37 - 2015-12-25 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-18 13:37 - 2015-12-25 16:56 - 00000000 ____D C:\ProgramData\ClassicShell
2016-03-18 13:37 - 2014-12-20 00:14 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-03-18 13:37 - 2014-12-19 08:08 - 00000000 ____D C:\ProgramData\Lenovo
2016-03-18 13:37 - 2014-04-03 19:18 - 00000000 ____D C:\Users\Administrator
2016-03-18 13:35 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\registration
2016-02-25 20:52 - 2016-01-08 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-25 19:53 - 2014-12-20 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-25 19:50 - 2014-12-20 00:04 - 00000000 ____D C:\Program Files\Lenovo
2016-02-25 19:48 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-25 19:47 - 2014-12-20 00:03 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-02-25 19:26 - 2015-11-26 19:13 - 00000000 ____D C:\Users\Hein\AppData\Local\Lenovo

==================== Files in the root of some directories =======

2014-12-20 00:07 - 2014-12-20 00:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-20 00:29 - 2014-12-20 00:29 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-12-20 00:27 - 2014-12-20 00:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-12-20 00:28 - 2014-12-20 00:28 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-12-20 00:28 - 2014-12-20 00:29 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-17 06:10

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

--- --- ---

addition.txt

[CODE]Additional
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Hein (2016-03-19 23:51:38)
Running from C:\Users\Hein\Desktop
Windows 8.1 (X64) (2015-11-26 18:07:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-331516496-3851143654-2456111117-500 - Administrator - Disabled) => C:\Users\Administrator
Gjest (S-1-5-21-331516496-3851143654-2456111117-501 - Limited - Disabled)
Hein (S-1-5-21-331516496-3851143654-2456111117-1001 - Administrator - Enabled) => C:\Users\Hein
HomeGroupUser$ (S-1-5-21-331516496-3851143654-2456111117-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.17.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3604 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.3604 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Dependency Package Update (Version: 1.6.26.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1014 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo Multimedia and Communications Core Runtime (HKLM\...\{033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1) (Version: 5.0.13.94 - Lenovo Corporation)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 2.20 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.19.209 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.4.0.5 - Lenovo Group Limited)
Lenovo Settings - Power (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 7.49.4 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.84 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.3.7 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.42.8185 - Intel(R) Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.2.0003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware versjon 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 nb-NO) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 nb-NO)) (Version: 38.6.0 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.33.00 - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics WBF DDK 5011 (HKLM\...\{491728AE-BFF0-44F2-A9F1-9AE218E36E2D}) (Version: 4.5.263.0 - Synaptics)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.263.0 - )
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.25 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.04.05 (12/17/2013 1.67.04.05) (HKLM\...\68ECF461D6E85BB67AFC110D2FEBF1955C9F26B5) (Version: 12/17/2013 1.67.04.05 - Lenovo)
WinZip Driver Updater (HKLM\...\WinZip Driver Updater) (Version: 5.3.2.54 - VAPC (Lux) S.a.r.L)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E27045A-699B-48F5-A9AE-FE2565F1FFCB} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {1A007918-0FAD-420F-9A27-6809D63F5A1E} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {258786F3-6780-4510-84F4-F4DC0C1225CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {31841FC0-9CDB-44F0-9F5F-448017D45E05} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {42C14980-900E-4EFA-BAAE-A86F8409251D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {501FE315-3E58-4A4A-988F-85F98192C12A} - System32\Tasks\Start WinZip Driver Updater Update => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {52340366-8AB4-4507-98B5-C83E40EB0036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {56AF9621-5123-45F2-852D-62BF905F958A} - System32\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {60BEB501-9AD5-45CF-A44B-DFFD735C1704} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {62B8B0BC-78EF-4257-84F6-24819EE57AE0} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)
Task: {6F01A077-D156-493B-92CA-82C3EE8D6A55} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-07] (Synaptics Incorporated)
Task: {7A2EAC43-1D01-458A-B3AE-9DF7389FEB31} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {85944945-8F16-4432-9CD4-77F84C066944} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {922C9785-042D-4A1C-B98E-A4FFDFA0B32E} - System32\Tasks\Start WinZip Driver Updater Schedule => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {A42755FE-7E6E-44B0-9546-B19C5B0F91AB} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {AE685F9E-9C02-4D89-97B8-A376389BFF53} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2013-06-29] (CyberLink Corp.)
Task: {B36A6187-A80F-4959-A41B-FD222C61CB8A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {C0F659EF-7BCF-4649-975C-432E4FA4CF4D} - System32\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {D722B938-2AA9-403D-B597-F224DC56F6DA} - System32\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon) => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {ED246180-ED51-4764-80A2-FD6F062EF138} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {F9514689-9757-4AA4-90F4-CB90AB92EEB4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon).job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon.job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe-runExecutable SRTray.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein.job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe-runExecutable SRTray.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-20 00:33 - 2015-01-16 07:49 - 00105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\NO\PWMRT64V.dll
2014-12-20 00:26 - 2012-04-24 11:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-20 00:07 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-02-18 03:38 - 2014-02-18 03:38 - 00246104 _____ () C:\Program Files\ThinkPad\TpShocks\MUI\0414\TpShocks.dll
2014-12-20 00:03 - 2013-10-29 01:48 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
2014-12-20 00:33 - 2015-01-16 07:49 - 00105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\NO\PWMRT64V.DLL
2014-12-20 00:33 - 2015-01-09 15:40 - 00469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2014-12-20 00:33 - 2015-01-09 15:40 - 00013528 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2016-01-29 19:42 - 2016-01-29 19:42 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2015-12-25 15:07 - 2015-12-25 15:07 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2016-01-31 05:34 - 2016-01-31 05:34 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2013-03-07 06:49 - 2013-03-07 06:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-07 06:52 - 2013-03-07 06:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-03-19 01:05 - 2016-03-08 03:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-19 01:05 - 2016-03-08 03:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2014-12-20 00:01 - 2013-09-16 04:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Hein\Downloads\Classic Shell - CHIP-Installer.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-03-19 23:41 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hein\Desktop\Pictures\Pictures\bilder für email\10350632_10152164393638002_5661559173947843649_n.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{53150976-E673-43CD-96E1-8EAED71603DB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A71CB6B-B0CD-4EB6-A482-CDE9BEFF72FB}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{F5817868-B22F-45D0-BA41-2753D601F50E}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{42175962-ED99-4625-93A7-9E0ABA3F0612}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{06D2607C-A9FA-401E-8EFE-D689547E5C2C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{1316B1EA-4B06-41E5-8D3E-39C8F18EB6D3}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{D9C34587-731C-4E37-9789-C4DAD83C8557}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{3609141A-55E3-4FEB-9ABA-3664D5910F6D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{C0CBF5E6-D70F-4351-86B5-9F3CFF0262B0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{7BFEA752-06F5-4F90-9FDD-5C5DDE9CFE4A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{30320B62-554D-4CAE-BB91-B64B9C096E7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6F90D5DD-098E-4A47-9A7E-7A1134B76698}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9FA48342-C48C-4042-BC2D-8006A6F8E7D5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{BF11FF53-1ABF-4EB1-BC0F-F5D7527BEBF9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{08B22EA0-8B70-40B2-8D8D-60CFDA0EB406}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-03-2016 08:26:40 Planlagt kontrollpunkt
18-03-2016 13:34:43 Gjenopprettingsoperasjon

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2016 04:41:43 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (03/18/2016 04:30:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHENSCHLAMPE)
Description: Aktiveringen av appen Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader mislyktes med feilen: -2147009284 Se loggen for Microsoft-Windows-TWinUI/Operational hvis du vil ha mer informasjon.

Error: (03/18/2016 04:29:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHENSCHLAMPE)
Description: Aktiveringen av appen Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader mislyktes med feilen: -2147009284 Se loggen for Microsoft-Windows-TWinUI/Operational hvis du vil ha mer informasjon.

Error: (03/18/2016 04:28:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1652) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU000B0.log.

Error: (03/17/2016 08:44:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Programnavn med feil: chrome.exe, versjon: 48.0.2564.116, tidsangivelse: 0x56c52f1d
Modulnavn med feil: chrome.dll, versjon: 48.0.2564.116, tidsangivelse: 0x56c52969
Unntakskode: 0x80000003
Feilforskyvning: 0x00548ec4
Feil prosess-ID: 0x4d0
Feil starttid for program: 0xchrome.exe0
Feil programbane: chrome.exe1
Feil modulbane: chrome.exe2
Rapport-ID: chrome.exe3
Fullstendig navn på feilpakke: chrome.exe4
Relativ program-ID for feilpakke: chrome.exe5

Error: (03/17/2016 08:04:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe versjon 17.5.9600.20911 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, åpner du problemloggen i kontrollpanelet for Handlingssenter.

Prosess-ID: 1950

Starttidspunkt: 01d1807fb592649f

Avslutningstidspunkt: 4294967295

Programbane: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 03af8b7b-ec73-11e5-8272-801934d39d0b

Fullstendig navn på feilpakke: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Relativ program-ID for feilpakke: ppleae38af2e007f4358a809ac99a64a67c1

Error: (03/15/2016 08:11:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volumet WINRE_DRV ble ikke optimalisert fordi det oppstod en feil: Feil parameter. (0x80070057)

Error: (03/09/2016 08:00:42 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volumet WINRE_DRV ble ikke optimalisert fordi det oppstod en feil: Feil parameter. (0x80070057)

Error: (03/07/2016 08:17:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volumet WINRE_DRV ble ikke optimalisert fordi det oppstod en feil: Feil parameter. (0x80070057)

Error: (03/07/2016 06:37:26 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volumet WINRE_DRV ble ikke optimalisert fordi det oppstod en feil: Feil parameter. (0x80070057)


System errors:
=============
Error: (03/19/2016 11:41:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/19/2016 11:41:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/19/2016 11:41:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Lenovo PM Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/19/2016 11:41:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/19/2016 11:41:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Bluetooth Device Monitor avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/19/2016 11:41:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Bluetooth OBEX Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/19/2016 11:41:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Intel(R) Dynamic Application Loader Host Interface Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/19/2016 11:41:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Intel(R) Management and Security Application Local Management Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/19/2016 11:41:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten lnvDiscoveryWinSvc avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/19/2016 11:41:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten LocationTaskManager avsluttet uventet. Det har den gjort 1 gang(er).


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 3986.58 MB
Available physical RAM: 2374.86 MB
Total Virtual: 6162.58 MB
Available Virtual: 4369.71 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:97.94 GB) (Free:42 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7BA096CD)

Partition: GPT.

==================== End of Addition.txt ============================

--- --- ---

--- --- ---

--- --- ---

spontan tendiere ich dazu schon mal vielen Dank zu sagen. Soweit ich das beurteilen kann, so scheint der Laptop nun normal zu laufen. Ich bekomme keine Warnfenster mehr angezeigt und alles läuft anscheinend normal und størungsfrei.

Was genau hab ich mir da eigentlich eingefangen? Und wo? Und was kann ich tun, damit der Mist nicht wieder kommt?

Ich hatte so was ähnliches schon mal vor einiger Zeit und da hab ich es irgendwie weg bekommen, vermutlich aber nicht vollständig auch wenn längere Zeit alles ok gewirkt hat. Um so mehr bin ich daran interessiert, dass ich den Schmutz nicht wieder bekomme.

M-K-D-B · 20.03.2016, 10:39

Servus,

du warst mit verschiedener, relativ neuer Adware infiziert, daher haben MBAM und AdwCleaner das noch nicht erkannt.

Meist wird einem so etwas bei der Installation von anderer Software "untergejubelt".

wir entfernen die letzten Reste und kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\Users\Hein\Downloads\ReimageRepair.exe
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{06B1F0DF-FD0A-18D1-20FD-BAEB7FF07781}
C:\Users\Hein\Downloads\*CHIP-Installer.exe
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

syldron · 20.03.2016, 16:52

ok, das der laptop noch nicht ganz sauber ist hab ich heute dann auch gemerkt. Seufz! Ist ja ein fieses Teil was ich mir da eingesackt habe

Schritt 1

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Hein (2016-03-20 15:39:17) Run:2
Running from C:\Users\Hein\Desktop
Loaded Profiles: Hein (Available Profiles: Hein & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
C:\Users\Hein\Downloads\ReimageRepair.exe
DeleteKey: HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{06B1F0DF-FD0A-18D1-20FD-BAEB7FF07781}
C:\Users\Hein\Downloads\*CHIP-Installer.exe
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Users\Hein\Downloads\ReimageRepair.exe => moved successfully
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{06B1F0DF-FD0A-18D1-20FD-BAEB7FF07781} => key removed successfully

=========== "C:\Users\Hein\Downloads\*CHIP-Installer.exe" ==========

C:\Users\Hein\Downloads\Classic Shell - CHIP-Installer.exe => moved successfully
C:\Users\Hein\Downloads\FreeCAD - CHIP-Installer.exe => moved successfully
C:\Users\Hein\Downloads\Microsoft Rechner Plus - CHIP-Installer.exe => moved successfully
C:\Users\Hein\Downloads\OpenOffice - CHIP-Installer.exe => moved successfully

========= End -> "C:\Users\Hein\Downloads\*CHIP-Installer.exe" ========

EmptyTemp: => 328.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:39:23 ====

schritt 2

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=239caa23dc19e1469e130e2f908c564e
# end=init
# utc_time=2016-03-20 02:47:47
# local_time=2016-03-20 03:47:47 (+0100, Vest-Europa (normaltid))
# country="Norway"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28668
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=239caa23dc19e1469e130e2f908c564e
# end=updated
# utc_time=2016-03-20 02:51:39
# local_time=2016-03-20 03:51:39 (+0100, Vest-Europa (normaltid))
# country="Norway"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=239caa23dc19e1469e130e2f908c564e
# engine=28668
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-03-20 03:28:26
# local_time=2016-03-20 04:28:26 (+0100, Vest-Europa (normaltid))
# country="Norway"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 169926 22277276 0 0
# scanned=265659
# found=11
# cleaned=0
# scan_time=2206
sh=A41DD49AA751BC58468B7B49FB50354E7B07AF40 ft=1 fh=2a59b17f05e882c8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Hein\Downloads\Classic Shell - CHIP-Installer.exe.xBAD"
sh=D8546A4445479D8439237DB486D78CA4965D3685 ft=1 fh=3a63f233a794db6a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Hein\Downloads\FreeCAD - CHIP-Installer.exe.xBAD"
sh=62A8583EE7C0D12B7911E37061A2FCDD03775BC2 ft=1 fh=60f6a5c1a834cb7a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Hein\Downloads\Microsoft Rechner Plus - CHIP-Installer.exe.xBAD"
sh=80B567E5067C193625F1BC887BDB9835544BA432 ft=1 fh=8090198ed328be4b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Hein\Downloads\OpenOffice - CHIP-Installer.exe.xBAD"
sh=523DED566E785E6CE03F9A0F1E9387CE22220A7C ft=1 fh=c71c0011c52e71be vn="Variante von Win32/Adware.CloudGuard.B Anwendung" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\DNS Unlocker\ConsoleApplication1.dll.vir"
sh=799C9675A290002E7B5D5E0B6BB26CAFD51B658B ft=1 fh=04a534daf1e767bd vn="Variante von MSIL/Adware.CloudGuard.C Anwendung" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Program Files (x86)\DNS Unlocker\dnswalters.exe.vir"
sh=07440C42F5DE8B73C91CFAEF6F0786D09F07DD31 ft=1 fh=c71c001190e324bb vn="Variante von Win32/Adware.Adposhel.B Anwendung" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\ProgramData\fad50942\968ea5af.dll.vir"
sh=C973107603C4E5464A1215C7FB74A5632BE4F0CD ft=1 fh=bb300105f4c3932a vn="Variante von Win32/UniBlue.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hein\AppData\Local\Setup Wizard\a492c43e-0102-4b3c-8e5f-3e9a4d8298c3\driverscanner.exe"
sh=63C772C5914C0B4CB14F2B35004BEA144F2FEBAE ft=1 fh=fbc0bd1be74172aa vn="Win32/MyPCBackup.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Hein\AppData\Local\Setup Wizard\d9916362-0dd2-4a61-a199-f1e28941e2af\aff_setup.exe"
sh=64F96851E3C4EAA074CFDD574D9FBFDC2E7BD958 ft=1 fh=6c97cca5f1209993 vn="Variante von Win32/UniBlue.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Hein\AppData\Local\Temp\d58cb0f1-b223-49ad-8682-319423493434\driverscanner.exe"
sh=1F93F5FE420B28E0C9E9161E81DDEB4F9C9DE449 ft=1 fh=c138ae358509f971 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Hein\AppData\Local\Temp\DMR\dmr_72.exe"

schritt 3

Code:

ATTFilter

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Mozilla Thunderbird (38.6.0) 
 Google Chrome (48.0.2564.116) 
 Google Chrome (49.0.2623.87) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

schritt 4

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Hein (administrator) on RECHENSCHLAMPE (20-03-2016 16:40:54)
Running from C:\Users\Hein\Desktop
Loaded Profiles: Hein (Available Profiles: Hein & Administrator)
Platform: Windows 8.1 (X64) Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics Incorporated\SynFP\Shared\SensorDBSynch.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
() C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [938032 2014-03-06] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ThinkPad OneLink Dock Management.lnk [2014-12-20]
ShortcutTarget: ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{013EA3FE-019E-4995-B068-4399A10F735A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2F0BE758-366B-4C4D-83DD-22E4910B970E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2F0BE758-366B-4C4D-83DD-22E4910B970E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-30]
CHR Extension: (Google Docs) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-30]
CHR Extension: (Google Drive) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-30]
CHR Extension: (YouTube) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-30]
CHR Extension: (Adblock Plus) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-18]
CHR Extension: (Google-Suche) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (Google Tabellen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-30]
CHR Extension: (Google Mail) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-21] (Lenovo Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2013-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016472 2015-01-23] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-21] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474160 2014-03-06] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-09] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [327152 2014-06-12] (Lenovo Group Limited)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 valWBFPolicyService; C:\Windows\System32\valWBFPolicyService.exe [47504 2014-06-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\windows\system32\valWbioSyncSvc.exe [32256 2014-06-25] (Synaptics Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-30] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77456 2013-08-19] (Intel Corporation)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3440096 2014-04-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19760 2014-06-13] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-20 16:37 - 2016-03-20 16:37 - 00852720 _____ C:\Users\Hein\Desktop\SecurityCheck.exe
2016-03-20 15:45 - 2016-03-20 15:45 - 02870984 _____ (ESET) C:\Users\Hein\Desktop\esetsmartinstaller_deu.exe
2016-03-19 23:48 - 2016-03-19 23:49 - 00009166 _____ C:\Users\Hein\Desktop\SystemLook.txt
2016-03-19 23:47 - 2016-03-19 23:47 - 00165376 _____ C:\Users\Hein\Desktop\SystemLook_x64.exe
2016-03-19 23:38 - 2016-03-20 15:39 - 00001387 _____ C:\Users\Hein\Desktop\Fixlog.txt
2016-03-19 18:32 - 2016-03-19 18:36 - 00235584 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_18.32.26_log.txt
2016-03-19 18:31 - 2016-03-19 18:31 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Hein\Desktop\tdsskiller.exe
2016-03-19 18:27 - 2016-03-19 23:52 - 00028447 _____ C:\Users\Hein\Desktop\Addition.txt
2016-03-19 18:26 - 2016-03-20 16:41 - 00019526 _____ C:\Users\Hein\Desktop\FRST.txt
2016-03-19 18:26 - 2016-03-20 16:40 - 00000000 ____D C:\FRST
2016-03-19 18:25 - 2016-03-19 18:25 - 02374144 _____ (Farbar) C:\Users\Hein\Desktop\FRST64.exe
2016-03-19 12:28 - 2016-03-19 12:28 - 00000000 ____D C:\Users\Hein\AppData\Local\CEF
2016-03-18 18:00 - 2016-03-18 18:00 - 00001291 _____ C:\Users\Hein\Desktop\Revo Uninstaller.lnk
2016-03-18 18:00 - 2016-03-18 18:00 - 00000000 ____D C:\Users\Hein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-18 18:00 - 2016-03-18 18:00 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-03-18 17:54 - 2016-03-19 18:08 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-18 17:04 - 2016-03-18 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-03-18 17:04 - 2016-03-18 17:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-03-18 16:34 - 2016-03-18 17:04 - 00001991 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-03-18 16:34 - 2016-03-18 16:42 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-18 16:34 - 2016-03-18 16:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-18 16:34 - 2016-03-18 16:34 - 00002078 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-18 16:34 - 2016-03-18 16:34 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-18 16:34 - 2016-03-18 16:34 - 00000000 ____D C:\ProgramData\McAfee
2016-03-15 18:24 - 2016-03-19 23:41 - 00000000 ____D C:\Users\Hein\AppData\LocalLow\Temp
2016-03-11 09:35 - 2016-03-11 09:35 - 00000000 _____ C:\Users\Hein\Downloads\Download (1)
2016-03-11 09:35 - 2016-03-11 09:35 - 00000000 _____ C:\Users\Hein\Downloads\Download
2016-03-07 22:35 - 2016-03-18 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\Users\Hein\Documents\My PDFill
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\ProgramData\PlotSoft
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-03-07 22:05 - 2016-03-07 22:05 - 00970154 _____ C:\Users\Hein\Downloads\membercard_48970.pdf
2016-03-07 22:04 - 2016-03-07 22:04 - 00016985 _____ C:\Users\Hein\Downloads\faktura41614.pdf
2016-03-03 18:34 - 2016-03-03 18:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-02-29 21:12 - 2016-03-17 21:04 - 00000000 ____D C:\Users\Hein\AppData\Local\CrashDumps
2016-02-25 21:55 - 2016-02-25 21:55 - 00115402 _____ C:\Users\Hein\Downloads\tickets_19535452.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-20 16:33 - 2015-12-25 16:56 - 00000000 ____D C:\Users\Hein\AppData\Local\ClassicShell
2016-03-20 16:04 - 2015-12-25 16:49 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-20 15:49 - 2014-12-20 00:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-03-20 15:45 - 2014-12-20 00:28 - 00449910 _____ C:\WINDOWS\system32\perfh014.dat
2016-03-20 15:45 - 2014-12-20 00:28 - 00077052 _____ C:\WINDOWS\system32\perfc014.dat
2016-03-20 15:45 - 2014-03-18 10:53 - 01377824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-20 15:45 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-20 15:40 - 2015-12-30 09:32 - 00000322 _____ C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon.job
2016-03-20 15:40 - 2015-12-30 09:32 - 00000296 _____ C:\WINDOWS\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon).job
2016-03-20 15:40 - 2015-12-26 00:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-20 15:40 - 2015-12-25 16:49 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-20 15:40 - 2015-04-29 15:09 - 00000000 ___DO C:\Users\Hein\OneDrive
2016-03-20 15:40 - 2014-12-20 00:27 - 00000000 ____D C:\ProgramData\Validity
2016-03-20 15:40 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-20 15:39 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-20 00:41 - 2015-11-26 19:19 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-331516496-3851143654-2456111117-1001
2016-03-19 01:43 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-19 01:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-19 01:05 - 2015-12-25 16:50 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-19 01:05 - 2015-12-25 16:50 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-18 18:16 - 2014-12-20 00:22 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-03-18 18:06 - 2015-11-26 19:25 - 00000000 ____D C:\Users\Hein\AppData\Local\Adobe
2016-03-18 16:39 - 2014-12-20 00:24 - 00000000 ____D C:\ProgramData\Adobe
2016-03-18 16:38 - 2015-11-26 19:13 - 00000000 ____D C:\Users\Hein\AppData\Roaming\Adobe
2016-03-18 16:34 - 2014-12-20 00:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-18 13:38 - 2015-11-26 19:06 - 00000000 ____D C:\Users\Hein
2016-03-18 13:37 - 2015-12-25 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-18 13:37 - 2015-12-25 16:56 - 00000000 ____D C:\ProgramData\ClassicShell
2016-03-18 13:37 - 2014-12-20 00:14 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-03-18 13:37 - 2014-12-19 08:08 - 00000000 ____D C:\ProgramData\Lenovo
2016-03-18 13:37 - 2014-04-03 19:18 - 00000000 ____D C:\Users\Administrator
2016-03-18 13:35 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\registration
2016-02-25 20:52 - 2016-01-08 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-25 19:53 - 2014-12-20 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-25 19:50 - 2014-12-20 00:04 - 00000000 ____D C:\Program Files\Lenovo
2016-02-25 19:48 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-25 19:47 - 2014-12-20 00:03 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-02-25 19:26 - 2015-11-26 19:13 - 00000000 ____D C:\Users\Hein\AppData\Local\Lenovo

==================== Files in the root of some directories =======

2014-12-20 00:07 - 2014-12-20 00:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-20 00:29 - 2014-12-20 00:29 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-12-20 00:27 - 2014-12-20 00:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-12-20 00:28 - 2014-12-20 00:28 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-12-20 00:28 - 2014-12-20 00:29 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-17 06:10

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

[CODE]Additional
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Hein (2016-03-20 16:41:20)
Running from C:\Users\Hein\Desktop
Windows 8.1 (X64) (2015-11-26 18:07:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-331516496-3851143654-2456111117-500 - Administrator - Disabled) => C:\Users\Administrator
Gjest (S-1-5-21-331516496-3851143654-2456111117-501 - Limited - Disabled)
Hein (S-1-5-21-331516496-3851143654-2456111117-1001 - Administrator - Enabled) => C:\Users\Hein
HomeGroupUser$ (S-1-5-21-331516496-3851143654-2456111117-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.17.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3604 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.3604 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Dependency Package Update (Version: 1.6.26.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1014 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo Multimedia and Communications Core Runtime (HKLM\...\{033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1) (Version: 5.0.13.94 - Lenovo Corporation)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 2.20 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.19.209 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.4.0.5 - Lenovo Group Limited)
Lenovo Settings - Power (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 7.49.4 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.84 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.3.7 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.42.8185 - Intel(R) Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.2.0003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware versjon 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 nb-NO) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 nb-NO)) (Version: 38.6.0 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.33.00 - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics WBF DDK 5011 (HKLM\...\{491728AE-BFF0-44F2-A9F1-9AE218E36E2D}) (Version: 4.5.263.0 - Synaptics)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.263.0 - )
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.25 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.04.05 (12/17/2013 1.67.04.05) (HKLM\...\68ECF461D6E85BB67AFC110D2FEBF1955C9F26B5) (Version: 12/17/2013 1.67.04.05 - Lenovo)
WinZip Driver Updater (HKLM\...\WinZip Driver Updater) (Version: 5.3.2.54 - VAPC (Lux) S.a.r.L)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E27045A-699B-48F5-A9AE-FE2565F1FFCB} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {1A007918-0FAD-420F-9A27-6809D63F5A1E} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {258786F3-6780-4510-84F4-F4DC0C1225CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {31841FC0-9CDB-44F0-9F5F-448017D45E05} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {42C14980-900E-4EFA-BAAE-A86F8409251D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {501FE315-3E58-4A4A-988F-85F98192C12A} - System32\Tasks\Start WinZip Driver Updater Update => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {52340366-8AB4-4507-98B5-C83E40EB0036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {56AF9621-5123-45F2-852D-62BF905F958A} - System32\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {60BEB501-9AD5-45CF-A44B-DFFD735C1704} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {62B8B0BC-78EF-4257-84F6-24819EE57AE0} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)
Task: {6F01A077-D156-493B-92CA-82C3EE8D6A55} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-07] (Synaptics Incorporated)
Task: {7A2EAC43-1D01-458A-B3AE-9DF7389FEB31} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {85944945-8F16-4432-9CD4-77F84C066944} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {922C9785-042D-4A1C-B98E-A4FFDFA0B32E} - System32\Tasks\Start WinZip Driver Updater Schedule => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {A42755FE-7E6E-44B0-9546-B19C5B0F91AB} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {AE685F9E-9C02-4D89-97B8-A376389BFF53} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2013-06-29] (CyberLink Corp.)
Task: {B36A6187-A80F-4959-A41B-FD222C61CB8A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {C0F659EF-7BCF-4649-975C-432E4FA4CF4D} - System32\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {D722B938-2AA9-403D-B597-F224DC56F6DA} - System32\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon) => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {ED246180-ED51-4764-80A2-FD6F062EF138} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {F9514689-9757-4AA4-90F4-CB90AB92EEB4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon).job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon.job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe-runExecutable SRTray.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein.job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe-runExecutable SRTray.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-20 00:33 - 2015-01-16 07:49 - 00105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\NO\PWMRT64V.dll
2014-12-20 00:26 - 2012-04-24 11:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-20 00:07 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-02-18 03:38 - 2014-02-18 03:38 - 00246104 _____ () C:\Program Files\ThinkPad\TpShocks\MUI\0414\TpShocks.dll
2014-12-20 00:03 - 2013-10-29 01:48 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
2014-12-20 00:33 - 2015-01-16 07:49 - 00105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\NO\PWMRT64V.DLL
2014-12-20 00:33 - 2015-01-09 15:40 - 00469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2014-12-20 00:33 - 2015-01-09 15:40 - 00013528 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2016-01-29 19:42 - 2016-01-29 19:42 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2015-12-25 15:07 - 2015-12-25 15:07 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2016-01-31 05:34 - 2016-01-31 05:34 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2013-03-07 06:49 - 2013-03-07 06:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-07 06:52 - 2013-03-07 06:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-03-19 01:05 - 2016-03-08 03:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-19 01:05 - 2016-03-08 03:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2014-12-20 00:01 - 2013-09-16 04:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-03-19 23:41 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hein\Desktop\Pictures\Pictures\bilder für email\10350632_10152164393638002_5661559173947843649_n.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{53150976-E673-43CD-96E1-8EAED71603DB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A71CB6B-B0CD-4EB6-A482-CDE9BEFF72FB}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{F5817868-B22F-45D0-BA41-2753D601F50E}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{42175962-ED99-4625-93A7-9E0ABA3F0612}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{06D2607C-A9FA-401E-8EFE-D689547E5C2C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{1316B1EA-4B06-41E5-8D3E-39C8F18EB6D3}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{D9C34587-731C-4E37-9789-C4DAD83C8557}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{3609141A-55E3-4FEB-9ABA-3664D5910F6D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{C0CBF5E6-D70F-4351-86B5-9F3CFF0262B0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{7BFEA752-06F5-4F90-9FDD-5C5DDE9CFE4A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{30320B62-554D-4CAE-BB91-B64B9C096E7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6F90D5DD-098E-4A47-9A7E-7A1134B76698}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9FA48342-C48C-4042-BC2D-8006A6F8E7D5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{BF11FF53-1ABF-4EB1-BC0F-F5D7527BEBF9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{08B22EA0-8B70-40B2-8D8D-60CFDA0EB406}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-03-2016 08:26:40 Planlagt kontrollpunkt
18-03-2016 13:34:43 Gjenopprettingsoperasjon

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2016 04:31:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:47:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:47:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:47:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:47:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:46:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:46:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/18/2016 04:41:43 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (03/18/2016 04:30:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHENSCHLAMPE)
Description: Aktiveringen av appen Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader mislyktes med feilen: -2147009284 Se loggen for Microsoft-Windows-TWinUI/Operational hvis du vil ha mer informasjon.

Error: (03/18/2016 04:29:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHENSCHLAMPE)
Description: Aktiveringen av appen Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader mislyktes med feilen: -2147009284 Se loggen for Microsoft-Windows-TWinUI/Operational hvis du vil ha mer informasjon.


System errors:
=============
Error: (03/20/2016 03:48:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kan ikke starte på grunn av følgende feil: 
%%1275

Error: (03/20/2016 03:48:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Hein\AppData\Local\Temp\ehdrv.sys

Error: (03/20/2016 03:48:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kan ikke starte på grunn av følgende feil: 
%%1275

Error: (03/20/2016 03:48:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Hein\AppData\Local\Temp\ehdrv.sys

Error: (03/20/2016 03:48:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten eapihdrv kan ikke starte på grunn av følgende feil: 
%%1275

Error: (03/20/2016 03:48:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Hein\AppData\Local\Temp\ehdrv.sys

Error: (03/20/2016 03:39:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/20/2016 03:39:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/20/2016 03:39:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Lenovo PM Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/20/2016 03:39:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 3986.58 MB
Available physical RAM: 1943.21 MB
Total Virtual: 6162.58 MB
Available Virtual: 4098.99 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:97.94 GB) (Free:41.8 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7BA096CD)

Partition: GPT.

==================== End of Addition.txt ============================

--- --- ---

--- --- ---

leider scheint der Laptop noch nicht sauber zu sein. jedesmal wenn ich ein neues Tab øffne kommt sofort ein Warnfenster von MBAW

hier mal das logg von MBAW

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 20.03.2016 01:06, SYSTEM, RECHENSCHLAMPE, Scheduler, Failed, Unable to access update server, 
Update, 20.03.2016 02:35, SYSTEM, RECHENSCHLAMPE, Scheduler, Malware Database, 2016.3.19.6, 2016.3.20.1, 
Protection, 20.03.2016 02:35, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 20.03.2016 02:35, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 20.03.2016 02:35, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 20.03.2016 02:35, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 20.03.2016 02:35, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 20.03.2016 02:35, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Update, 20.03.2016 08:59, SYSTEM, RECHENSCHLAMPE, Scheduler, Failed, Unable to access update server, 
Update, 20.03.2016 08:59, SYSTEM, RECHENSCHLAMPE, Scheduler, Malware Database, 2016.3.20.1, 2016.3.20.2, 
Protection, 20.03.2016 08:59, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 20.03.2016 08:59, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 20.03.2016 08:59, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 20.03.2016 08:59, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 20.03.2016 08:59, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 20.03.2016 08:59, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Scan, 20.03.2016 09:04, SYSTEM, RECHENSCHLAMPE, Context, Start: 20.03.2016 08:59, Varighet: 5 min 12 sek, Trusselskann, Fullført, 0 Malwareidentifiseringer, 0 PUP/PUM-identifiseringer, 
Detection, 20.03.2016 09:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49958, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49959, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49958, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49960, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49961, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:42, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49962, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:43, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49984, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:43, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49985, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:43, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49986, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:43, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49990, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:43, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49991, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 09:43, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49992, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 20.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Scheduler, Domain Database, 2016.3.19.1, 2016.3.20.1, 
Protection, 20.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 20.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 20.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 20.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 20.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 20.03.2016 09:54, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Detection, 20.03.2016 10:05, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50164, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 10:05, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50164, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 10:05, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50165, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 10:05, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50166, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 10:05, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50167, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 10:05, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50169, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 10:05, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50170, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 20.03.2016 11:00, SYSTEM, RECHENSCHLAMPE, Scheduler, Malware Database, 2016.3.20.2, 2016.3.20.3, 
Protection, 20.03.2016 11:00, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 20.03.2016 11:00, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 20.03.2016 11:00, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 20.03.2016 11:00, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 20.03.2016 11:00, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 20.03.2016 11:00, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Detection, 20.03.2016 11:04, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50492, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:04, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50492, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:04, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50493, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:04, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50494, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:04, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50495, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:04, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50499, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:11, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50580, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:11, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50581, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:11, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50582, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:11, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50588, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:11, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50589, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:11, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50590, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:31, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50804, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:31, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50805, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:31, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50806, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:34, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50847, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 11:34, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 50848, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 20.03.2016 15:20, SYSTEM, RECHENSCHLAMPE, Scheduler, Malware Database, 2016.3.20.3, 2016.3.20.4, 
Protection, 20.03.2016 15:20, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Starting, 
Protection, 20.03.2016 15:20, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopping, 
Protection, 20.03.2016 15:20, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Stopped, 
Protection, 20.03.2016 15:20, SYSTEM, RECHENSCHLAMPE, Protection, Refresh, Success, 
Protection, 20.03.2016 15:20, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 20.03.2016 15:20, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Protection, 20.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malware Protection, Starting, 
Protection, 20.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malware Protection, Started, 
Protection, 20.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Starting, 
Protection, 20.03.2016 15:40, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Started, 
Detection, 20.03.2016 15:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49213, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 15:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49213, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 15:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49214, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 15:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49215, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 15:41, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49216, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49570, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49571, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49572, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49574, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49575, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49576, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49611, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49612, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49613, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49616, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49617, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:44, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49618, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:45, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49658, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:45, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49659, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:45, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49660, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:45, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49687, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:45, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49688, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:45, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:45, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49692, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 20.03.2016 16:45, SYSTEM, RECHENSCHLAMPE, Protection, Malicious Website Protection, Domain, 82.163.143.92, m55.dnsqa.me, 49693, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

(end)

M-K-D-B · 21.03.2016, 11:17

Servus,

Schritt 1
Bitte setze deine Brower wie folgt zurück:
IE :::
Setze folgendermassen den Internet Explorer zurück:

Öffne den Internet Explorer und gehe zu Extras -> Internetoptionen.
Klicke in der Registerkarte Erweitert unter "Internet Explorer-Einstellungen zurücksetzen" auf Zurücksetzen...
Klicke im Dialogfeld "Internet Explorer-Einstellungen zurücksetzen" zum Bestätigen auf Zurücksetzen.

(Hier findest du die bebilderte Anleitung.)

FF :::
setze bitte Firefox wie folgt zurück:
Firefox zurücksetzen

CHR:::
Setze Google Chrome nach dieser Anleitung zurück.

Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

syldron · 21.03.2016, 13:16

ok, Browser ist zurück gesetzt. Hatte ich vor ein paar Tagen schon unter anderem gemacht bevor ich hier um Hilfe gefragt habe und alleine rumgewurstelt habe um den Mist weg zu bekommen.

Und hier das logfile

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.13.258
www.hitmanpro.com

   Computer name . . . . : RECHENSCHLAMPE
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : RECHENSCHLAMPE\Hein
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-03-21 13:11:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 16s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 8

   Objects scanned . . . : 1*691*147
   Files scanned . . . . : 49*338
   Remnants scanned  . . : 595*886 files / 1*045*923 keys

Suspicious files ____________________________________________________________

   C:\Users\Hein\Desktop\FRST64.exe
      Size . . . . . . . : 2*374*144 bytes
      Age  . . . . . . . : 1.8 days (2016-03-19 18:25:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 1CB35A93213562911D4E4218EFFCB9FC5A946B6E1A99509BCD2B5C936898D159
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564\ (SearchWindow)
   HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}\ (ConsumerInput)
   HKU\S-1-5-21-331516496-3851143654-2456111117-1001_Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}\ (ConsumerInput)

M-K-D-B · 21.03.2016, 23:09

Servus,

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
DeleteKey: HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
DeleteKey: HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
DeleteKey: HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
DeleteKey: HKU\S-1-5-21-331516496-3851143654-2456111117-1001_Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Hosts: 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die beiden neuen Logdateien von FRST.

syldron · 22.03.2016, 14:20

ok, weiter gehts!

Schritt 1

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Hein (2016-03-22 14:15:57) Run:3
Running from C:\Users\Hein\Desktop
Loaded Profiles: Hein & Administrator (Available Profiles: Hein & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ATTFilter
start
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
DeleteKey: HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
DeleteKey: HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
DeleteKey: HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
DeleteKey: HKU\S-1-5-21-331516496-3851143654-2456111117-1001_Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Hosts: 
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
       
*****************

ATTFilter => Error: No automatic fix found for this entry.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 => key removed successfully
HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} => key removed successfully
HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} => key not found. 
HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} => key not found. 
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4} => key removed successfully
HKU\S-1-5-21-331516496-3851143654-2456111117-1001_Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4} => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-331516496-3851143654-2456111117-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-331516496-3851143654-2456111117-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

EmptyTemp: => 417 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:16:03 ====

Schritt 2

FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Hein (administrator) on RECHENSCHLAMPE (22-03-2016 14:21:49)
Running from C:\Users\Hein\Desktop
Loaded Profiles: Hein (Available Profiles: Hein & Administrator)
Platform: Windows 8.1 (X64) Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics Incorporated\SynFP\Shared\SensorDBSynch.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
() C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [384344 2014-02-18] (Lenovo.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [938032 2014-03-06] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\WINDOWS\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ThinkPad OneLink Dock Management.lnk [2014-12-20]
ShortcutTarget: ThinkPad OneLink Dock Management.lnk -> C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{013EA3FE-019E-4995-B068-4399A10F735A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2F0BE758-366B-4C4D-83DD-22E4910B970E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2F0BE758-366B-4C4D-83DD-22E4910B970E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-331516496-3851143654-2456111117-1001 -> DefaultScope {E62BFBAE-43EE-4CF5-BD6E-423F055F1485} URL = 
SearchScopes: HKU\S-1-5-21-331516496-3851143654-2456111117-1001 -> {E62BFBAE-43EE-4CF5-BD6E-423F055F1485} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Präsentationen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-30]
CHR Extension: (Google Docs) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-30]
CHR Extension: (Google Drive) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-30]
CHR Extension: (YouTube) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-30]
CHR Extension: (Adblock Plus) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-18]
CHR Extension: (Google-Suche) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-30]
CHR Extension: (Google Tabellen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-30]
CHR Extension: (Google Mail) - C:\Users\Hein\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-21] (Lenovo Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2013-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2016472 2015-01-23] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-21] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [474160 2014-03-06] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-09] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-12] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [327152 2014-06-12] (Lenovo Group Limited)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 valWBFPolicyService; C:\Windows\System32\valWBFPolicyService.exe [47504 2014-06-13] (Synaptics Incorporated)
R2 valWbioSyncSvc; C:\windows\system32\valWbioSyncSvc.exe [32256 2014-06-25] (Synaptics Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [192456 2014-05-30] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77456 2013-08-19] (Intel Corporation)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3440096 2014-04-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-07] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19760 2014-06-13] (Windows (R) Win 7 DDK provider)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-21 13:09 - 2016-03-21 13:13 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-21 13:07 - 2016-03-21 13:07 - 11441744 _____ (SurfRight B.V.) C:\Users\Hein\Desktop\HitmanPro_x64 (1).exe
2016-03-21 13:05 - 2016-03-21 13:06 - 11441744 _____ (SurfRight B.V.) C:\Users\Hein\Downloads\HitmanPro_x64.exe
2016-03-20 16:37 - 2016-03-20 16:37 - 00852720 _____ C:\Users\Hein\Desktop\SecurityCheck.exe
2016-03-20 15:45 - 2016-03-20 15:45 - 02870984 _____ (ESET) C:\Users\Hein\Desktop\esetsmartinstaller_deu.exe
2016-03-19 23:48 - 2016-03-19 23:49 - 00009166 _____ C:\Users\Hein\Desktop\SystemLook.txt
2016-03-19 23:47 - 2016-03-19 23:47 - 00165376 _____ C:\Users\Hein\Desktop\SystemLook_x64.exe
2016-03-19 23:38 - 2016-03-22 14:16 - 00004036 _____ C:\Users\Hein\Desktop\Fixlog.txt
2016-03-19 18:32 - 2016-03-19 18:36 - 00235584 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_18.32.26_log.txt
2016-03-19 18:31 - 2016-03-19 18:31 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Hein\Desktop\tdsskiller.exe
2016-03-19 18:27 - 2016-03-20 16:41 - 00032870 _____ C:\Users\Hein\Desktop\Addition.txt
2016-03-19 18:26 - 2016-03-22 14:21 - 00019833 _____ C:\Users\Hein\Desktop\FRST.txt
2016-03-19 18:26 - 2016-03-22 14:21 - 00000000 ____D C:\FRST
2016-03-19 18:25 - 2016-03-19 18:25 - 02374144 _____ (Farbar) C:\Users\Hein\Desktop\FRST64.exe
2016-03-19 12:28 - 2016-03-19 12:28 - 00000000 ____D C:\Users\Hein\AppData\Local\CEF
2016-03-18 18:00 - 2016-03-18 18:00 - 00001291 _____ C:\Users\Hein\Desktop\Revo Uninstaller.lnk
2016-03-18 18:00 - 2016-03-18 18:00 - 00000000 ____D C:\Users\Hein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-18 18:00 - 2016-03-18 18:00 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-03-18 17:54 - 2016-03-19 18:08 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-18 17:04 - 2016-03-18 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-03-18 17:04 - 2016-03-18 17:04 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-03-18 16:34 - 2016-03-18 17:04 - 00001991 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-03-18 16:34 - 2016-03-18 16:42 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-18 16:34 - 2016-03-18 16:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-18 16:34 - 2016-03-18 16:34 - 00002078 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-18 16:34 - 2016-03-18 16:34 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-18 16:34 - 2016-03-18 16:34 - 00000000 ____D C:\ProgramData\McAfee
2016-03-15 18:24 - 2016-03-19 23:41 - 00000000 ____D C:\Users\Hein\AppData\LocalLow\Temp
2016-03-11 09:35 - 2016-03-11 09:35 - 00000000 _____ C:\Users\Hein\Downloads\Download (1)
2016-03-11 09:35 - 2016-03-11 09:35 - 00000000 _____ C:\Users\Hein\Downloads\Download
2016-03-07 22:35 - 2016-03-18 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\Users\Hein\Documents\My PDFill
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\ProgramData\PlotSoft
2016-03-07 22:35 - 2016-03-07 22:35 - 00000000 ____D C:\Program Files (x86)\PlotSoft
2016-03-07 22:05 - 2016-03-07 22:05 - 00970154 _____ C:\Users\Hein\Downloads\membercard_48970.pdf
2016-03-07 22:04 - 2016-03-07 22:04 - 00016985 _____ C:\Users\Hein\Downloads\faktura41614.pdf
2016-03-03 18:34 - 2016-03-03 18:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-02-29 21:12 - 2016-03-17 21:04 - 00000000 ____D C:\Users\Hein\AppData\Local\CrashDumps
2016-02-25 21:55 - 2016-02-25 21:55 - 00115402 _____ C:\Users\Hein\Downloads\tickets_19535452.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 14:21 - 2014-12-20 00:28 - 00449910 _____ C:\WINDOWS\system32\perfh014.dat
2016-03-22 14:21 - 2014-12-20 00:28 - 00077052 _____ C:\WINDOWS\system32\perfc014.dat
2016-03-22 14:21 - 2014-12-20 00:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-03-22 14:21 - 2014-03-18 10:53 - 01377824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-22 14:21 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-03-22 14:17 - 2015-12-30 09:32 - 00000322 _____ C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon.job
2016-03-22 14:17 - 2015-12-30 09:32 - 00000296 _____ C:\WINDOWS\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon).job
2016-03-22 14:17 - 2015-12-26 00:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 14:17 - 2015-12-25 16:49 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-22 14:17 - 2015-04-29 15:09 - 00000000 ___DO C:\Users\Hein\OneDrive
2016-03-22 14:16 - 2014-12-20 00:27 - 00000000 ____D C:\ProgramData\Validity
2016-03-22 14:16 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-22 14:16 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-22 12:04 - 2015-12-25 16:49 - 00001030 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-21 22:15 - 2015-12-25 16:56 - 00000000 ____D C:\Users\Hein\AppData\Local\ClassicShell
2016-03-20 00:41 - 2015-11-26 19:19 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-331516496-3851143654-2456111117-1001
2016-03-19 01:43 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-19 01:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-19 01:05 - 2015-12-25 16:50 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-19 01:05 - 2015-12-25 16:50 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-18 18:16 - 2014-12-20 00:22 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-03-18 18:06 - 2015-11-26 19:25 - 00000000 ____D C:\Users\Hein\AppData\Local\Adobe
2016-03-18 16:39 - 2014-12-20 00:24 - 00000000 ____D C:\ProgramData\Adobe
2016-03-18 16:38 - 2015-11-26 19:13 - 00000000 ____D C:\Users\Hein\AppData\Roaming\Adobe
2016-03-18 16:34 - 2014-12-20 00:24 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-18 13:38 - 2015-11-26 19:06 - 00000000 ____D C:\Users\Hein
2016-03-18 13:37 - 2015-12-25 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-18 13:37 - 2015-12-25 16:56 - 00000000 ____D C:\ProgramData\ClassicShell
2016-03-18 13:37 - 2014-12-20 00:14 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-03-18 13:37 - 2014-12-19 08:08 - 00000000 ____D C:\ProgramData\Lenovo
2016-03-18 13:37 - 2014-04-03 19:18 - 00000000 ____D C:\Users\Administrator
2016-03-18 13:35 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\registration
2016-02-25 20:52 - 2016-01-08 07:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-25 19:53 - 2014-12-20 00:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-02-25 19:50 - 2014-12-20 00:04 - 00000000 ____D C:\Program Files\Lenovo
2016-02-25 19:48 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-25 19:47 - 2014-12-20 00:03 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-02-25 19:26 - 2015-11-26 19:13 - 00000000 ____D C:\Users\Hein\AppData\Local\Lenovo

==================== Files in the root of some directories =======

2014-12-20 00:07 - 2014-12-20 00:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-12-20 00:29 - 2014-12-20 00:29 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-12-20 00:27 - 2014-12-20 00:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-12-20 00:28 - 2014-12-20 00:28 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-12-20 00:28 - 2014-12-20 00:29 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-17 06:10

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

Addition.txt

[CODE]Additional
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Hein (2016-03-22 14:22:18)
Running from C:\Users\Hein\Desktop
Windows 8.1 (X64) (2015-11-26 18:07:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-331516496-3851143654-2456111117-500 - Administrator - Disabled) => C:\Users\Administrator
Gjest (S-1-5-21-331516496-3851143654-2456111117-501 - Limited - Disabled)
Hein (S-1-5-21-331516496-3851143654-2456111117-1001 - Administrator - Enabled) => C:\Users\Hein
HomeGroupUser$ (S-1-5-21-331516496-3851143654-2456111117-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.17.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3604 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.3604 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Dependency Package Update (Version: 1.6.26.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.13.911.3 - Vimicro)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1014 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{75895d95-3e4b-42b6-8440-97a0e234aeb3}) (Version: 17.0.2 - Intel Corporation)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.12 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo Multimedia and Communications Core Runtime (HKLM\...\{033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1) (Version: 5.0.13.94 - Lenovo Corporation)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 2.20 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.19.209 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.4.0.5 - Lenovo Group Limited)
Lenovo Settings - Power (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 7.49.4 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.33 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.84 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.3.7 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited)
Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.2.42.8185 - Intel(R) Corporation)
Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.2.0003.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware versjon 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 nb-NO) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 nb-NO)) (Version: 38.6.0 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.33.00 - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.)
PowerDVD Create 10 (x32 Version: 10.0.1.2704 - CyberLink Corp.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21234 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics WBF DDK 5011 (HKLM\...\{491728AE-BFF0-44F2-A9F1-9AE218E36E2D}) (Version: 4.5.263.0 - Synaptics)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.263.0 - )
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.25 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.40 - Synaptics Incorporated)
Thinkpad USB 3.0 Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.8.911.2013 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/01/2013 12.8.0.1016) (HKLM\...\C8A921233C0C441A4E4EAABC2AB08C872FD77A6E) (Version: 08/01/2013 12.8.0.1016 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.04.05 (12/17/2013 1.67.04.05) (HKLM\...\68ECF461D6E85BB67AFC110D2FEBF1955C9F26B5) (Version: 12/17/2013 1.67.04.05 - Lenovo)
WinZip Driver Updater (HKLM\...\WinZip Driver Updater) (Version: 5.3.2.54 - VAPC (Lux) S.a.r.L)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E27045A-699B-48F5-A9AE-FE2565F1FFCB} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {1A007918-0FAD-420F-9A27-6809D63F5A1E} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {258786F3-6780-4510-84F4-F4DC0C1225CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {31841FC0-9CDB-44F0-9F5F-448017D45E05} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {42C14980-900E-4EFA-BAAE-A86F8409251D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {501FE315-3E58-4A4A-988F-85F98192C12A} - System32\Tasks\Start WinZip Driver Updater Update => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {52340366-8AB4-4507-98B5-C83E40EB0036} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {56AF9621-5123-45F2-852D-62BF905F958A} - System32\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {60BEB501-9AD5-45CF-A44B-DFFD735C1704} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo)
Task: {62B8B0BC-78EF-4257-84F6-24819EE57AE0} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-07] (CyberLink)
Task: {6F01A077-D156-493B-92CA-82C3EE8D6A55} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-07] (Synaptics Incorporated)
Task: {7A2EAC43-1D01-458A-B3AE-9DF7389FEB31} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {85944945-8F16-4432-9CD4-77F84C066944} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {922C9785-042D-4A1C-B98E-A4FFDFA0B32E} - System32\Tasks\Start WinZip Driver Updater Schedule => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {A42755FE-7E6E-44B0-9546-B19C5B0F91AB} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {AE685F9E-9C02-4D89-97B8-A376389BFF53} - System32\Tasks\StartPowerDVDService => C:\PROGRAM FILES (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [2013-06-29] (CyberLink Corp.)
Task: {B36A6187-A80F-4959-A41B-FD222C61CB8A} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {B5B7D277-497C-496E-B8E7-4D66C8C978B3} - System32\Tasks\Lenovo\StartLenovoMessenger => C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe [2014-11-21] ()
Task: {C0F659EF-7BCF-4649-975C-432E4FA4CF4D} - System32\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {D722B938-2AA9-403D-B597-F224DC56F6DA} - System32\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon) => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: {ED246180-ED51-4764-80A2-FD6F062EF138} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {F9514689-9757-4AA4-90F4-CB90AB92EEB4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater for RECHENSCHLAMPE@Hein(logon).job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein at logon.job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe-runExecutable SRTray.exe
Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater( SR ) for RECHENSCHLAMPE@Hein.job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe-runExecutable SRTray.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-20 00:33 - 2015-01-16 07:49 - 00105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\NO\PWMRT64V.dll
2014-12-20 00:26 - 2012-04-24 11:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-20 00:07 - 2010-10-26 05:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-02-18 03:38 - 2014-02-18 03:38 - 00246104 _____ () C:\Program Files\ThinkPad\TpShocks\MUI\0414\TpShocks.dll
2014-12-20 00:03 - 2013-10-29 01:48 - 00915968 _____ () C:\Program Files (x86)\Lenovo\OneLink Dock\onelinkpromgn.exe
2014-12-20 00:33 - 2015-01-16 07:49 - 00105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\NO\PWMRT64V.DLL
2014-12-20 00:33 - 2015-01-09 15:40 - 00469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2014-12-20 00:33 - 2015-01-09 15:40 - 00013528 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2016-01-29 19:42 - 2016-01-29 19:42 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2015-12-25 15:07 - 2015-12-25 15:07 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2016-01-31 05:34 - 2016-01-31 05:34 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2016-03-19 01:05 - 2016-03-08 03:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-19 01:05 - 2016-03-08 03:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2013-03-07 06:49 - 2013-03-07 06:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2013-03-07 06:52 - 2013-03-07 06:52 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-12-20 00:01 - 2013-09-16 04:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-03-22 14:15 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-331516496-3851143654-2456111117-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hein\Desktop\Pictures\Pictures\bilder für email\10350632_10152164393638002_5661559173947843649_n.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{53150976-E673-43CD-96E1-8EAED71603DB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A71CB6B-B0CD-4EB6-A482-CDE9BEFF72FB}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{F5817868-B22F-45D0-BA41-2753D601F50E}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{42175962-ED99-4625-93A7-9E0ABA3F0612}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{06D2607C-A9FA-401E-8EFE-D689547E5C2C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{1316B1EA-4B06-41E5-8D3E-39C8F18EB6D3}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{D9C34587-731C-4E37-9789-C4DAD83C8557}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{3609141A-55E3-4FEB-9ABA-3664D5910F6D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{C0CBF5E6-D70F-4351-86B5-9F3CFF0262B0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{7BFEA752-06F5-4F90-9FDD-5C5DDE9CFE4A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{30320B62-554D-4CAE-BB91-B64B9C096E7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{6F90D5DD-098E-4A47-9A7E-7A1134B76698}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9FA48342-C48C-4042-BC2D-8006A6F8E7D5}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{BF11FF53-1ABF-4EB1-BC0F-F5D7527BEBF9}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{08B22EA0-8B70-40B2-8D8D-60CFDA0EB406}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-03-2016 08:26:40 Planlagt kontrollpunkt
18-03-2016 13:34:43 Gjenopprettingsoperasjon

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/21/2016 01:26:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volumet WINRE_DRV ble ikke optimalisert fordi det oppstod en feil: Feil parameter. (0x80070057)

Error: (03/20/2016 04:31:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:47:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:47:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:47:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:47:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:46:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/20/2016 03:46:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1. Feil i manifest- eller policyfilen C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2 i linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
En komponentversjon som kreves av programmet, er i konflikt med en annen komponentversjon som allerede er aktiv.
Komponentene i konflikt er:.
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (03/18/2016 04:41:43 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description: 

Error: (03/18/2016 04:30:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RECHENSCHLAMPE)
Description: Aktiveringen av appen Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader mislyktes med feilen: -2147009284 Se loggen for Microsoft-Windows-TWinUI/Operational hvis du vil ha mer informasjon.


System errors:
=============
Error: (03/22/2016 02:16:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/22/2016 02:16:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/22/2016 02:16:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Lenovo PM Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/22/2016 02:16:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-MYNDIGHET)
Description: Modulen for WLAN-utvidelse er stoppet uventet.

Modulbane: C:\WINDOWS\System32\IWMSSvc.dll

Error: (03/22/2016 02:16:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Intel(R) PROSet/Wireless Registry Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/22/2016 02:16:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Cyberlink RichVideo64 Service(CRVS) avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/22/2016 02:16:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Synaptics FP WBF Policy Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/22/2016 02:16:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Lenovo Settings Power Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/22/2016 02:16:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten MBAMService avsluttet uventet. Det har den gjort 1 gang(er).

Error: (03/22/2016 02:16:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Lenovo Settings Service avsluttet uventet. Det har den gjort 1 gang(er).


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 3986.58 MB
Available physical RAM: 2368.91 MB
Total Virtual: 5842.58 MB
Available Virtual: 4062.95 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:97.94 GB) (Free:41.88 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 7BA096CD)

Partition: GPT.

==================== End of Addition.txt ============================

--- --- ---

--- --- ---

soweit ich das sehen kann, läuft der Laptop jetzt reibungslos. was meinst du?

M-K-D-B · 22.03.2016, 15:11

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	Microsoft Security Essentials	ESET

Microsoft Security Essentials (MSE) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE entschieden hast, brauchst du nicht extra MSE zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.

NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

syldron · 23.03.2016, 18:04

Super!

Vielen Dank für deine Hilfe! Als ich mich hier angemeldet habe, hätte ich nicht geglaubt das ich meinen Rechner wieder sauber bekomme. Aber deine Anleitungen waren so super, dass es echt nicht schwer war da alle Arbeitsschritte hinzubekommen!

Zu Firefox
Ich hab Jahrelang Firefox verwendet und war damit auch lange sehr zufrieden. Aber dann gabs da immer wieder Probleme mit dem Browser und gerade im Zusammenhang mit der Hochschule so wurden mir viele Seiten im Firefox fehlerhaft oder gar nicht angezeigt und viele files konnte ich nicht øffnen, so das ich auf Chome umgestiegen bin, der eigentlich auch zu meiner zufriedenheit läuft.

Auf einem zweiten Laptop hab ich noch bis vor wenigen Wochen ausschliesslich mit Firefox gesurft, aber auch da gab es Probleme das Seiten sich nur fehlerhaft oder langsam aufgebaut haben, weswegen ich auch da auf Chome umgestiegen bin. Wobei ich mir auch nicht 100% sicher bin ob mein anderer Laptop wirklich sauber ist.

Vielen Dank jedenfalls für deine Hilfe!

M-K-D-B · 24.03.2016, 13:41

Wenn wir einen anderen Rechner auf Malware überprüfen sollen, dann kannst du jederzeit ein neues Thema aufmachen.

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Problem mit selbstständigen øffnen neuer Tabs und Popups (Reimage) im google chrome

Plagegeister aller Art und deren Bekämpfung: Problem mit selbstständigen øffnen neuer Tabs und Popups (Reimage) im google chrome