Log analysis and evaluation: svchost.exe constantly causes network traffic

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.11.2012, 19:22 | #1
Account closed

svchost.exe constantly causes network traffic

Hello,

as already mentioned above, the svchost.exe process constantly causes network traffic even though I have no program open. Unfortunately, I cannot find out what, or which program, is causing this. A full virus scan with Avast Free found nothing, and neither did a full scan with Malwarebytes. Below I have pasted the log files from the OTL scan. I also ran Defogger, but there was no error message, so I assume that this log file is not needed. I hope you can help me.

Regards,
Matthias

OTL Log:
Code:
  ATTFilter OTL logfile created on: 14.11.2012 18:58:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matthias\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 59,20% Memory free 7,60 Gb Paging File | 5,90 Gb Available in Paging File | 77,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,12 Gb Total Space | 37,68 Gb Free Space | 48,23% Space Free | Partition Type: NTFS Drive D: | 219,87 Gb Total Space | 166,90 Gb Free Space | 75,91% Space Free | Partition Type: NTFS Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.14 18:57:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Downloads\OTL.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.06.28 17:31:14 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe PRC - [2012.05.16 05:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2012.02.08 15:38:28 | 000,083,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe PRC - [2012.01.27 14:06:12 | 
000,485,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMResident.exe PRC - [2011.11.04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.07.12 17:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2011.07.12 16:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2011.07.12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010.10.27 21:11:00 | 000,079,136 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe PRC - [2010.05.03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.05.03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.01.16 18:49:00 | 000,712,760 | ---- | M] (Conexant Systems, Inc) -- C:\Programme\CONEXANT\SAII\SmartAudio.exe ========== Modules (No Company Name) ========== MOD - [2012.10.24 20:55:54 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll MOD - [2012.10.24 20:52:12 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll MOD - [2012.10.24 20:51:34 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\b3c9af1210c61a1e018ac91e6890f9ea\Interop.CxHDAudioAPILib.ni.dll MOD - [2012.10.24 20:51:31 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll MOD - [2012.10.24 20:51:30 | 
001,303,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\9af44a71ac1d59deee94397ba47bc3d3\SmartAudio.ni.exe MOD - [2012.10.24 20:38:25 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012.10.24 20:37:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.10.24 20:37:45 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012.10.24 20:37:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.10.24 20:37:27 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.10.24 20:37:24 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012.10.24 20:37:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.10.24 20:37:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.10.24 20:37:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.10.24 20:37:07 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.10.24 20:37:02 | 011,492,864 | ---- | M] () 
-- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010.11.05 02:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2009.07.14 18:58:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.08.12 17:59:52 | 000,046,984 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.06.01 01:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.10.28 11:10:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.28 10:58:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.27 20:49:52 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2012.06.28 17:31:14 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate) SRV - [2012.06.25 15:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.06.25 15:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.06.25 15:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.05.16 05:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2012.05.16 05:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2012.05.16 05:32:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc) SRV - [2012.04.10 15:37:24 | 000,449,912 | ---- | M] (Wacom Technology, Corp.) 
[Auto | Running] -- C:\Programme\Tablet\ISD\ISD_TouchService.exe -- (TouchServiceISD) SRV - [2012.04.10 15:37:22 | 005,650,296 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD) SRV - [2012.02.08 15:38:28 | 000,083,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe -- (TabletSVC) SRV - [2011.07.12 15:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 15:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.07.12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010.10.27 21:11:00 | 000,079,136 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe -- (ASRSVC) SRV - [2010.05.03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.05.03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.02 13:02:43 | 000,040,760 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | 
Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.12 17:59:52 | 000,025,448 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2012.07.23 22:48:02 | 000,148,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.07.05 20:43:24 | 000,443,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.07.05 20:43:24 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012.06.03 07:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.05.30 12:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.05.16 05:32:00 | 000,029,512 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64) DRV:64bit: - [2012.05.16 05:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012.04.10 15:37:38 | 000,044,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wisdpen.sys -- (WISDPen) DRV:64bit: - [2012.04.10 15:37:38 | 000,016,368 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVTHid.sys -- (wacomvthid) DRV:64bit: - [2012.04.10 15:37:38 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2012.04.10 15:37:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.10 14:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.08.23 04:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.05.23 14:33:32 | 000,167,040 | ---- | M] (Ricoh co.,Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.09.07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2010.08.25 09:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.06.28 01:39:46 | 000,017,064 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wstbtndb.sys -- (HBtnKey) DRV:64bit: - [2010.02.26 22:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.06.01 01:01:52 | 000,026,928 | ---- | M] (Lenovo.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 09:21:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 11:10:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 11:10:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 11:10:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 11:10:22 | 000,000,000 | ---D | M] [2012.10.23 16:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions [2012.11.14 16:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8x438u4z.default\extensions [2012.11.01 17:10:07 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8x438u4z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.14 16:59:00 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8x438u4z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.10.24 16:20:25 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8x438u4z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.10.24 16:19:28 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8x438u4z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.28 11:10:20 | 000,000,000 | ---D | M] (No 
name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.02 09:21:42 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.10.28 11:10:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.10 08:11:40 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) 
O4 - HKLM..\Run: [TabletButton] C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TabletButton.EXE (Lenovo Group Limited ) O4 - HKLM..\Run: [TSMResident] C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMRESIDENT.EXE (Lenovo Group Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft 
Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B5D2C83-E1C8-4AD5-B558-BB8DB43A08CA}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.14 18:15:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.14 17:59:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\assembly
[2012.11.14 10:31:12 | 000,000,000 | --SD | C] -- C:\Users\Matthias\Documents\Meine Shapes
[2012.11.14 10:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.11.08 18:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2012.11.02 13:06:27 | 000,000,000 | RHSD | C] -- C:\boot
[2012.11.02 13:02:30 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.11.02 09:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.11.01 19:57:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2012.11.01 19:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.01 19:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.01 19:57:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.01 19:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.28 11:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.28 10:59:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Macromedia
[2012.10.28 10:59:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Macromedia
[2012.10.28 10:59:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Adobe
[2012.10.28 10:58:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.10.28 10:58:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.10.28 10:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.10.27 13:36:03 | 000,000,000 | R--D | C] -- C:\Users\Matthias\AppData\Roaming\Brother
[2012.10.25 19:11:33 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\MiKTeX
[2012.10.25 19:11:31 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\MiKTeX
[2012.10.25 10:44:07 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\MATLAB
[2012.10.25 10:42:54 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\MathWorks
[2012.10.25 10:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
[2012.10.25 10:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
[2012.10.25 07:08:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.10.24 22:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012.10.24 22:02:43 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Conexant
[2012.10.24 21:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.10.24 21:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThinkPad
[2012.10.24 21:55:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\WTablet
[2012.10.24 21:55:11 | 000,738,168 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\ISD_Touch_Tablet.dll
[2012.10.24 21:55:09 | 000,744,824 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\ISD_Tablet.dll
[2012.10.24 21:55:09 | 000,600,440 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2012.10.24 21:55:09 | 000,507,256 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2012.10.24 21:54:58 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2012.10.24 21:54:52 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2012.10.24 21:54:27 | 000,044,656 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wisdpen.sys
[2012.10.24 21:53:50 | 000,142,848 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\SysNative\5U877.ax
[2012.10.24 21:53:50 | 000,126,976 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\SysWow64\5U877.ax
[2012.10.24 19:02:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.10.24 19:02:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.10.24 18:55:02 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.10.24 18:54:32 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.10.24 18:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.10.24 18:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.10.24 17:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet button
[2012.10.24 17:09:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.24 17:05:39 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\OneNote-Notizbücher
[2012.10.24 17:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.10.24 17:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.10.24 17:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.10.24 08:42:48 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\PwrMgr
[2012.10.24 08:37:39 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Lenovo
[2012.10.24 08:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2012.10.24 08:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lenovo
[2012.10.24 08:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2012.10.23 18:59:48 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2012.10.23 18:59:46 | 000,273,704 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2012.10.23 18:59:46 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012.10.23 18:59:45 | 001,008,440 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012.10.23 18:59:28 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[2012.10.23 18:59:06 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\WLANProfiles
[2012.10.23 18:58:48 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.10.23 18:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.10.23 18:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2012.10.23 18:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2012.10.23 18:56:43 | 000,639,864 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\ISD_Tablet.dll
[2012.10.23 18:56:39 | 000,016,368 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\WacomVTHid.sys
[2012.10.23 18:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2012.10.23 18:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012.10.23 18:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2012.10.23 18:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Integrated Camera Driver
[2012.10.23 18:53:54 | 000,167,040 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\SysNative\drivers\5U877.sys
[2012.10.23 18:53:54 | 000,123,904 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\SysNative\5U877.dll
[2012.10.23 18:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.10.23 18:52:44 | 000,443,192 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2012.10.23 18:52:44 | 000,228,664 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2012.10.23 18:52:44 | 000,150,328 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo11.dll
[2012.10.23 18:52:44 | 000,113,976 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2012.10.23 18:52:43 | 000,535,864 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012.10.23 18:52:42 | 000,027,960 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys
[2012.10.23 18:51:54 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\ElevatedDiagnostics
[2012.10.23 18:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.10.23 18:45:16 | 000,000,000 | ---D | C] -- C:\Intel
[2012.10.23 18:32:40 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Intel
[2012.10.23 18:32:30 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Roaming
[2012.10.23 18:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2012.10.23 18:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012.10.23 18:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.10.23 18:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.10.23 18:26:43 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2012.10.23 17:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 8.0
[2012.10.23 17:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 8.0 S-Edition
[2012.10.23 17:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2012.10.23 17:08:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\StarFinanz
[2012.10.23 17:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarMoney 8.0 S-Edition
[2012.10.23 16:56:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Mozilla
[2012.10.23 16:56:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Mozilla
[2012.10.23 16:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.10.23 16:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.10.23 16:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.10.23 16:47:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.10.23 16:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.10.23 16:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.10.23 16:45:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Microsoft Help
[2012.10.23 16:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.10.23 16:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.10.23 16:44:48 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.10.23 16:29:24 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\xm1
[2012.10.23 16:28:26 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.10.23 16:26:53 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.10.23 16:12:36 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Apple Computer
[2012.10.23 16:12:35 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Apple Computer
[2012.10.23 16:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.23 16:12:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.10.23 16:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.23 16:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.23 16:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.10.23 16:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.10.23 16:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.23 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Apple
[2012.10.23 16:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.10.23 16:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.10.23 16:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.10.23 16:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.10.23 16:09:48 | 000,000,000 | R--D | C] -- C:\Users\Matthias\SkyDrive
[2012.10.23 16:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012.10.23 16:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012.10.23 16:09:16 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.23 16:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.23 16:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.10.23 16:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012.10.23 16:06:45 | 000,000,000 | ---D | C] -- C:\Brother
[2012.10.23 16:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2012.10.23 16:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browny02
[2012.10.23 16:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlCenter4
[2012.10.23 16:06:37 | 000,278,528 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrJDec.dll
[2012.10.23 16:06:37 | 000,050,688 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09d.dll
[2012.10.23 16:06:36 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\SysWow64\BRRBTOOL.EXE
[2012.10.23 16:06:35 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BRLMW03A.DLL
[2012.10.23 16:06:34 | 000,217,088 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2012.10.23 16:06:34 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2012.10.23 16:06:34 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2012.10.23 16:06:34 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2012.10.23 16:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2012.10.23 16:06:31 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2012.10.23 16:06:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.10.23 16:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012.10.23 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\InstallShield
[2012.10.23 16:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2012.10.23 16:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.10.23 16:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.23 16:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.23 16:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.10.23 15:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2012.10.23 15:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.9
[2012.10.23 15:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.23 15:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.10.23 15:45:06 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.23 15:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.10.23 15:45:05 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.23 15:45:04 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.10.23 15:45:03 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.23 15:45:02 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.23 15:45:00 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.23 15:45:00 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.23 15:44:25 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.23 15:44:24 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.23 15:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.10.23 15:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.10.23 15:42:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
[2012.10.23 15:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012.10.23 15:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2012.10.23 15:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2012.10.23 15:42:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.23 15:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.23 15:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.23 15:37:49 | 000,000,000 | R--D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.23 15:37:49 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Searches
[2012.10.23 15:37:49 | 000,000,000 | R--D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.23 15:37:41 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Identities
[2012.10.23 15:37:38 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Contacts
[2012.10.23 15:37:36 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\VirtualStore
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Vorlagen
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\AppData\Local\Verlauf
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\AppData\Local\Temporary Internet Files
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Startmenü
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\SendTo
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Recent
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Netzwerkumgebung
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Lokale Einstellungen
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Documents\Eigene Videos
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Documents\Eigene Musik
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Eigene Dateien
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Documents\Eigene Bilder
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Druckumgebung
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Cookies
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\AppData\Local\Anwendungsdaten
[2012.10.23 15:37:22 | 000,000,000 | -HSD | C] -- C:\Users\Matthias\Anwendungsdaten
[2012.10.23 15:37:21 | 000,000,000 | --SD | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Videos
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Saved Games
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Pictures
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Music
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Links
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Favorites
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Downloads
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Documents
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\Desktop
[2012.10.23 15:37:21 | 000,000,000 | R--D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.23 15:37:21 | 000,000,000 | -H-D | C] -- C:\Users\Matthias\AppData
[2012.10.23 15:37:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Temp
[2012.10.23 15:37:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\Microsoft
[2012.10.23 15:37:21 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Media Center Programs
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.10.23 15:37:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.10.23 15:37:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.23 15:30:25 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

[2012.11.14 19:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 18:57:25 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012.11.14 18:56:01 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.14 18:56:01 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.14 18:56:01 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.14 18:56:01 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.14 18:56:01 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.14 18:13:42 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 18:13:42 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 16:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 16:53:38 | 3060,535,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.13 17:50:51 | 000,007,641 | ---- | M] () -- C:\Users\Matthias\AppData\Local\Resmon.ResmonCfg
[2012.11.11 11:07:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.10 08:38:25 | 000,001,593 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF
[2012.11.08 18:27:26 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2012.11.02 09:21:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.11.02 09:17:06 | 000,015,402 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012.11.01 10:52:03 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.10.24 20:30:29 | 000,309,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.24 08:08:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.24 08:08:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.23 18:53:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.10.23 18:53:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2012.10.23 18:26:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.23 15:33:45 | 000,057,035 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.23 15:33:45 | 000,057,035 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012.11.14 18:57:25 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012.11.11 11:07:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.10 08:37:27 | 000,001,593 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF
[2012.11.08 18:26:40 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2012.11.02 09:06:02 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012.11.02 09:06:02 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.11.02 09:06:02 | 000,867,020 | ---- | C] () -- C:\Windows\SysNative\igkrng575.bin
[2012.11.02 09:06:02 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012.11.02 09:06:02 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012.11.02 09:06:02 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012.11.02 09:06:02 | 000,017,488 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012.11.02 09:06:02 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012.11.02 09:06:01 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012.11.02 09:06:00 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.11.02 09:06:00 | 000,105,608 | ---- | C] () -- C:\Windows\SysNative\igfcg575m.bin
[2012.11.02 09:05:55 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.11.02 09:05:54 | 000,211,303 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012.11.02 09:05:54 | 000,198,139 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012.11.02 09:05:54 | 000,182,706 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012.11.02 09:05:54 | 000,156,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012.11.02 09:05:54 | 000,153,167 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012.11.02 09:05:54 | 000,149,009 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012.11.02 09:05:54 | 000,140,216 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012.11.02 09:05:54 | 000,138,727 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012.11.02 09:05:54 | 000,137,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012.11.02 09:05:54 | 000,137,668 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012.11.02 09:05:54 | 000,136,603 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012.11.02 09:05:54 | 000,135,628 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012.11.02 09:05:54 | 000,135,370 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012.11.02 09:05:54 | 000,134,836 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012.11.02 09:05:54 | 000,134,412 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012.11.02 09:05:54 | 000,134,384 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012.11.02 09:05:54 | 000,133,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012.11.02 09:05:54 | 000,133,709 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012.11.02 09:05:54 | 000,133,404 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012.11.02 09:05:54 | 000,133,178 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012.11.02 09:05:54 | 000,132,889 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012.11.02 09:05:54 | 000,132,788 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012.11.02 09:05:54 | 000,131,839 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012.11.02 09:05:54 | 000,128,996 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012.11.02 09:05:54 | 000,128,831 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012.11.02 09:05:54 | 000,128,535 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012.11.02 09:05:54 | 000,124,056 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012.11.02 09:05:54 | 000,117,636 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012.11.02 09:05:54 | 000,116,348 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012.10.28 10:58:09 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.25 10:42:32 | 000,001,295 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2012a.lnk
[2012.10.25 10:42:19 | 000,000,552 | ---- | C] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job
[2012.10.25 09:09:10 | 000,007,641 | ---- | C] () -- C:\Users\Matthias\AppData\Local\Resmon.ResmonCfg
[2012.10.24 18:56:06 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.10.24 18:54:06 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.10.24 18:53:49 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.10.24 18:53:49 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.10.24 18:53:22 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012.10.24 18:53:22 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.10.24 08:08:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.24 08:08:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.23 19:16:49 | 000,002,476 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools.lnk
[2012.10.23 19:16:49 | 000,002,088 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Device Experience.lnk
[2012.10.23 19:07:35 | 000,015,402 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012.10.23 18:54:39 | 000,000,661 | ---- | C] () -- C:\Windows\SysNative\VoipUpdate.ini
[2012.10.23 18:53:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.10.23 18:53:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2012.10.23 18:52:43 | 001,048,576 | ---- | C] () -- C:\Windows\SysNative\syndata.bin
[2012.10.23 18:26:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.23 16:11:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.10.23 16:09:48 | 000,002,147 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012.10.23 16:06:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.10.23 16:06:35 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.10.23 16:06:35 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\BRADM10A.DAT
[2012.10.23 15:45:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.10.23 15:42:00 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.23 15:37:56 | 000,001,405 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.23 15:37:51 | 000,001,439 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.23 15:33:39 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.23 15:33:30 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.23 15:30:02 | 3060,535,296 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.29 04:21:32 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.24 08:42:48 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PwrMgr [2012.10.25 19:13:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\xm1 ========== Purity Check ========== < End of report > Code: 
OTL Extras logfile created on: 14.11.2012 18:58:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthias\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 59,20% Memory free
7,60 Gb Paging File | 5,90 Gb Available in Paging File | 77,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 37,68 Gb Free Space | 48,23% Space Free | Partition Type: NTFS
Drive D: | 219,87 Gb Total Space | 166,90 Gb Free Space | 75,91% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0665C349-B7A9-4FA0-8DEB-3B61B0BDB8E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0BC454D9-630C-45C8-AC2A-27FEBB1E8FD0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1FC1E758-61BC-4099-9F25-78959B3FAB38}" = lport=138 | protocol=17 | dir=in | app=system | 
"{220B8E76-24C2-4BF1-83A4-1239FF9DEFB5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{22C570B2-79D7-4F69-8229-F5368B80CE33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{292A6758-C819-49FD-84F4-07F388665DEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E4F4980-864E-4359-AEAC-36A8B0212A68}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3BCE1CE0-32A4-4EB2-B2B1-BCED7BF5E31F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3CC920AB-3597-450E-B6A1-2EDBAA5C1542}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{42D0227D-5108-4C22-9ECE-D0ABE8B0D585}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5D7AEE08-0BF1-4EA3-A515-7C136A05AC3A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E062CD4-219F-4D9B-A58F-50E06AF87D04}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6251D685-5D32-49DE-8352-D7E1FB4336F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63FCD4E4-2DC7-4C12-BD8E-C5ECFDC76238}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6B66F923-951A-494E-AE78-335FC66878D4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7F93A383-B91F-4F15-A8DF-74A58D78490C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{82AEDF4D-DE65-4E95-A8C0-471BBFEE3899}" = rport=139 | protocol=6 | dir=out | app=system | 
"{840C10AA-B42A-4294-A8F6-137AE45F26F5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{945949CA-D0EB-4E12-84F5-EB16688EACE6}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9B12597B-2949-4DC5-94B0-8017F8C5331D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEA0C01B-85F3-4E6D-8080-D08F673DBDAB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C7283C0E-959B-48E3-BE0D-E07322583435}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{DD2B6880-F547-4CDC-B1B2-321C72F5771E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E27B15DB-1893-475A-95FA-3BE0FD456213}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03892981-C5D5-44F4-AC3F-33D6D3258A63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FF20371-DE7C-4F5C-8161-73E68A599593}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{14AAC2B3-0126-47FB-B17F-B9539F6D5762}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{157A6FB3-8026-476C-9ED2-A57036796AAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{32FC5A87-B462-457C-8EFF-DB2ED24E5E80}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{38F9C534-C89A-452E-9916-F894614BD973}" = protocol=6 | dir=out | app=system | 
"{4DFB7098-0F24-4FDD-A6A8-E26C8875A210}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6119F3AB-3BFA-4F64-BA8D-22EF24D5DB52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63D86690-1FEF-47F0-8FCE-ADF5F6824A8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65C9FE2A-4244-4728-AD0C-1843529AAF83}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{670525D0-82E9-4EDE-BF12-9F58609C9CD0}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{69EBC23C-D65F-4974-9214-1277532E5698}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{76C122BB-8B51-4776-A4FD-8FFF2402F226}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E8BBDDB-016E-45AF-9280-C1BF5C2CF0A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9066631D-5495-4391-99A7-629B3C837DBD}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{A3D95094-473F-4774-8239-3B5FB636543A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A7E13FA8-C14B-4F8D-96BE-2F9E4D432265}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{B2B8580B-C925-43BD-8898-C0B72D0B3D51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C01897F7-2E3F-486C-99EA-26E7E4A0EEB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C27B9BC9-24EE-4147-A77B-7B0EA1786F19}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C83A356C-DD4E-4338-9A91-C2398773EBD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8580890-2CFC-494D-AEBE-A580827EBF73}" = dir=in | app=c:\users\matthias\appdata\local\microsoft\skydrive\skydrive.exe | 
"{C96B2392-83F3-4279-A690-E5ECE8F91137}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{CE2FC17E-268A-4FBD-8033-5B115AC11D1E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DB1A7561-BA68-4AAC-8607-F8523FCF1D19}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E7A2DC55-ACD5-4814-9262-A48D9FC59971}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E9861D48-31AD-4DE6-804D-B68A99B23934}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{EF8976AA-2A19-4542-9B2B-16051851569F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FA1913DF-1B97-4284-92AC-6AAEBEA7575B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA3FCEBC-B610-4E9F-9160-C5A84C62D08F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi-Software
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"ISD Tablet Driver" = ISD Tablett
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Matlab R2012a" = MATLAB R2012a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26903C89-780A-463E-8CBD-E47A73927254}" = Treiber für ThinkPad-Tabletttasten
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7060D
"{5EC929E1-FE50-41DE-90CF-10041E558C79}" = StarMoney 8.0 S-Edition
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8AC04B19-F01D-49E2-B5E3-4025B7A4B07A}" = StarMoney
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.ONENOTER_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.ONENOTER_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.ONENOTER_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.ONENOTER_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.ONENOTER_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.ONENOTER_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.ONENOTER_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.ONENOTER_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.ONENOTER_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2010
"{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{993B26A3-3BA8-4EA5-9099-E96C1BF236AF}" = StarMoney
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9a2db59f-091a-40b4-958d-1c8264624126}" = ThinkPad - Menü für Tablettverknüpfungen
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.48
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.ONENOTER" = Microsoft OneNote 2010
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OUTLOOKR" = Microsoft Office Outlook 2007
"Texmaker" = Texmaker
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2012 05:54:03 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 14.11.2012 05:54:03 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 14.11.2012 05:54:03 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 14.11.2012 05:54:03 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 14.11.2012 11:54:00 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung.
 Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 14.11.2012 11:54:00 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung.
 Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 14.11.2012 11:54:00 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path name Fehler bei der Überprüfung.
 Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 14.11.2012 11:54:03 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 14.11.2012 11:54:03 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
Error - 14.11.2012 11:54:03 | Computer Name = Matthias-PC | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler:
 Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
 
[ OSession Events ]
Error - 07.11.2012 13:07:43 | Computer Name = Matthias-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session 
lasted 2241 seconds with 720 seconds of active time.  This session ended with a 
crash.
 
[ System Events ]
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
Error - 14.11.2012 11:52:16 | Computer Name = Matthias-PC | Source = WISDPen | ID = 327936
Description = 
 
 
< End of report >
          | 
|  14.11.2012, 20:39 | #2 | |
| /// TB-Ausbilder    |   svchost.exe constantly causes network traffic I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and me). Before we start, I have some reading material for you. Step 1: Scan with aswMBR Step 2: Scan with the TDSS-Killer Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. 
 
				__________________ | 
|  14.11.2012, 21:38 | #3 | 
| Account closed |   svchost.exe constantly causes network traffic Hello ryder, thank you very much for wanting to help me. Step 1: Unfortunately this failed. The following error message appeared: "avast! Antirootkit funktioniert nicht mehr. Wird aufgrund eines Problems nicht richtig ausgeführt." Step 2: Code: 
21:34:57.0482 5564  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:34:57.0778 5564  ============================================================
21:34:57.0778 5564  Current date / time: 2012/11/14 21:34:57.0778
21:34:57.0778 5564  SystemInfo:
21:34:57.0778 5564  
21:34:57.0778 5564  OS Version: 6.1.7601 ServicePack: 1.0
21:34:57.0778 5564  Product type: Workstation
21:34:57.0778 5564  ComputerName: MATTHIAS-PC
21:34:57.0778 5564  UserName: Matthias
21:34:57.0778 5564  Windows directory: C:\Windows
21:34:57.0778 5564  System windows directory: C:\Windows
21:34:57.0778 5564  Running under WOW64
21:34:57.0778 5564  Processor architecture: Intel x64
21:34:57.0778 5564  Number of processors: 4
21:34:57.0778 5564  Page size: 0x1000
21:34:57.0778 5564  Boot type: Normal boot
21:34:57.0778 5564  ============================================================
21:34:58.0464 5564  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:34:58.0464 5564  ============================================================
21:34:58.0464 5564  \Device\Harddisk0\DR0:
21:34:58.0480 5564  MBR partitions:
21:34:58.0480 5564  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:34:58.0480 5564  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C40000
21:34:58.0480 5564  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9C72800, BlocksNum 0x1B7BB800
21:34:58.0480 5564  ============================================================
21:34:58.0496 5564  C: <-> \Device\Harddisk0\DR0\Partition2
21:34:58.0527 5564  D: <-> \Device\Harddisk0\DR0\Partition3
21:34:58.0527 5564  ============================================================
21:34:58.0527 5564  Initialize success
21:34:58.0527 5564  ============================================================
21:35:13.0035 2456  ============================================================
21:35:13.0035 2456  Scan started
21:35:13.0035 2456  Mode: Manual; TDLFS; 
21:35:13.0035 2456  ============================================================
21:35:13.0518 2456  ================ Scan system memory ========================
21:35:13.0518 2456  System memory - ok
21:35:13.0518 2456  ================ Scan services =============================
21:35:13.0674 2456  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:35:13.0690 2456  1394ohci - ok
21:35:13.0737 2456  [ 0839005949EA2DA7E9420A66614C6649 ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
21:35:13.0737 2456  5U877 - ok
21:35:13.0752 2456  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:35:13.0768 2456  ACPI - ok
21:35:13.0784 2456  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:35:13.0784 2456  AcpiPmi - ok
21:35:13.0893 2456  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:35:13.0893 2456  AdobeFlashPlayerUpdateSvc - ok
21:35:13.0940 2456  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:35:13.0940 2456  adp94xx - ok
21:35:13.0955 2456  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:35:13.0955 2456  adpahci - ok
21:35:13.0971 2456  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:35:13.0971 2456  adpu320 - ok
21:35:14.0018 2456  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:35:14.0018 2456  AeLookupSvc - ok
21:35:14.0064 2456  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:35:14.0064 2456  AFD - ok
21:35:14.0096 2456  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:35:14.0096 2456  agp440 - ok
21:35:14.0111 2456  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:35:14.0111 2456  ALG - ok
21:35:14.0127 2456  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:35:14.0127 2456  aliide - ok
21:35:14.0142 2456  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:35:14.0142 2456  amdide - ok
21:35:14.0158 2456  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:35:14.0174 2456  AmdK8 - ok
21:35:14.0174 2456  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:35:14.0174 2456  AmdPPM - ok
21:35:14.0189 2456  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:35:14.0189 2456  amdsata - ok
21:35:14.0220 2456  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:35:14.0220 2456  amdsbs - ok
21:35:14.0236 2456  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:35:14.0236 2456  amdxata - ok
21:35:14.0267 2456  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:35:14.0283 2456  AppID - ok
21:35:14.0298 2456  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:35:14.0298 2456  AppIDSvc - ok
21:35:14.0345 2456  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:35:14.0345 2456  Appinfo - ok
21:35:14.0470 2456  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:35:14.0470 2456  Apple Mobile Device - ok
21:35:14.0532 2456  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:35:14.0532 2456  AppMgmt - ok
21:35:14.0564 2456  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:35:14.0564 2456  arc - ok
21:35:14.0564 2456  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:35:14.0564 2456  arcsas - ok
21:35:14.0626 2456  [ EAE432A64924CE4E5AFB128B92E4C78A ] ASRSVC          C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe
21:35:14.0626 2456  ASRSVC - ok
21:35:14.0657 2456  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
21:35:14.0657 2456  aswFsBlk - ok
21:35:14.0720 2456  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
21:35:14.0720 2456  aswMonFlt - ok
21:35:14.0751 2456  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
21:35:14.0751 2456  aswRdr - ok
21:35:14.0798 2456  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
21:35:14.0829 2456  aswSnx - ok
21:35:14.0876 2456  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
21:35:14.0891 2456  aswSP - ok
21:35:14.0907 2456  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
21:35:14.0907 2456  aswTdi - ok
21:35:14.0922 2456  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:14.0922 2456  AsyncMac - ok
21:35:14.0969 2456  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:35:14.0985 2456  atapi - ok
21:35:15.0032 2456  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:35:15.0047 2456  AudioEndpointBuilder - ok
21:35:15.0078 2456  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:35:15.0094 2456  AudioSrv - ok
21:35:15.0156 2456  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:35:15.0156 2456  avast! Antivirus - ok
21:35:15.0219 2456  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:35:15.0234 2456  AxInstSV - ok
21:35:15.0266 2456  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:35:15.0266 2456  b06bdrv - ok
21:35:15.0281 2456  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:35:15.0281 2456  b57nd60a - ok
21:35:15.0328 2456  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:35:15.0328 2456  BDESVC - ok
21:35:15.0344 2456  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:35:15.0344 2456  Beep - ok
21:35:15.0406 2456  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:35:15.0422 2456  BFE - ok
21:35:15.0453 2456  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:35:15.0484 2456  BITS - ok
21:35:15.0500 2456  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:35:15.0500 2456  blbdrive - ok
21:35:15.0562 2456  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:35:15.0562 2456  bowser - ok
21:35:15.0578 2456  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:35:15.0578 2456  BrFiltLo - ok
21:35:15.0593 2456  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:35:15.0593 2456  BrFiltUp - ok
21:35:15.0624 2456  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:35:15.0624 2456  Browser - ok
21:35:15.0640 2456  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:35:15.0640 2456  Brserid - ok
21:35:15.0671 2456  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:35:15.0671 2456  BrSerWdm - ok
21:35:15.0687 2456  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:35:15.0687 2456  BrUsbMdm - ok
21:35:15.0687 2456  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:35:15.0687 2456  BrUsbSer - ok
21:35:15.0734 2456  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
21:35:15.0734 2456  BrYNSvc - ok
21:35:15.0749 2456  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:35:15.0765 2456  BTHMODEM - ok
21:35:15.0796 2456  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:35:15.0796 2456  bthserv - ok
21:35:15.0812 2456  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:35:15.0812 2456  cdfs - ok
21:35:15.0843 2456  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:35:15.0858 2456  cdrom - ok
21:35:15.0905 2456  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:35:15.0905 2456  CertPropSvc - ok
21:35:15.0936 2456  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:35:15.0936 2456  circlass - ok
21:35:15.0983 2456  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:35:15.0999 2456  CLFS - ok
21:35:16.0124 2456  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:35:16.0124 2456  clr_optimization_v2.0.50727_32 - ok
21:35:16.0186 2456  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:35:16.0186 2456  clr_optimization_v2.0.50727_64 - ok
21:35:16.0248 2456  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:35:16.0248 2456  clr_optimization_v4.0.30319_32 - ok
21:35:16.0280 2456  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:35:16.0280 2456  clr_optimization_v4.0.30319_64 - ok
21:35:16.0295 2456  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:35:16.0295 2456  CmBatt - ok
21:35:16.0326 2456  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:35:16.0342 2456  cmdide - ok
21:35:16.0373 2456  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
21:35:16.0389 2456  CNG - ok
21:35:16.0436 2456  [ 22BC1C27274D1CB1C3A8C14CDBA0CDF2 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
21:35:16.0451 2456  CnxtHdAudService - ok
21:35:16.0451 2456  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:35:16.0467 2456  Compbatt - ok
21:35:16.0498 2456  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:35:16.0498 2456  CompositeBus - ok
21:35:16.0514 2456  COMSysApp - ok
21:35:16.0529 2456  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:35:16.0529 2456  crcdisk - ok
21:35:16.0560 2456  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:35:16.0576 2456  CryptSvc - ok
21:35:16.0623 2456  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
21:35:16.0623 2456  CSC - ok
21:35:16.0670 2456  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
21:35:16.0701 2456  CscService - ok
21:35:16.0748 2456  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
21:35:16.0748 2456  CVirtA - ok
21:35:16.0779 2456  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:35:16.0810 2456  DcomLaunch - ok
21:35:16.0841 2456  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:35:16.0841 2456  defragsvc - ok
21:35:16.0872 2456  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:35:16.0872 2456  DfsC - ok
21:35:16.0904 2456  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:35:16.0919 2456  Dhcp - ok
21:35:16.0950 2456  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:35:16.0950 2456  discache - ok
21:35:16.0950 2456  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:35:16.0966 2456  Disk - ok
21:35:17.0013 2456  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
21:35:17.0013 2456  DNE - ok
21:35:17.0060 2456  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:35:17.0060 2456  Dnscache - ok
21:35:17.0091 2456  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:35:17.0106 2456  dot3svc - ok
21:35:17.0153 2456  [ 9597BCB69286FF017DB1A0FB8144408D ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
21:35:17.0153 2456  DozeSvc - ok
21:35:17.0216 2456  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:35:17.0216 2456  DPS - ok
21:35:17.0262 2456  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:35:17.0262 2456  drmkaud - ok
21:35:17.0309 2456  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:35:17.0340 2456  DXGKrnl - ok
21:35:17.0356 2456  [ 3CE83D7EE95D9C9F03323810A2E747DF ] DzHDD64         C:\Windows\system32\DRIVERS\DzHDD64.sys
21:35:17.0356 2456  DzHDD64 - ok
21:35:17.0387 2456  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:35:17.0387 2456  EapHost - ok
21:35:17.0481 2456  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:35:17.0574 2456  ebdrv - ok
21:35:17.0606 2456  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:35:17.0606 2456  EFS - ok
21:35:17.0699 2456  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:35:17.0730 2456  ehRecvr - ok
21:35:17.0762 2456  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:35:17.0762 2456  ehSched - ok
21:35:17.0793 2456  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:35:17.0808 2456  elxstor - ok
21:35:17.0840 2456  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:35:17.0840 2456  ErrDev - ok
21:35:17.0871 2456  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:35:17.0886 2456  EventSystem - ok
21:35:17.0949 2456  [ 6EB16C7286FBCD3AB206743BA813EC48 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:35:17.0980 2456  EvtEng - ok
21:35:17.0996 2456  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:35:17.0996 2456  exfat - ok
21:35:18.0011 2456  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:35:18.0027 2456  fastfat - ok
21:35:18.0105 2456  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:35:18.0136 2456  Fax - ok
21:35:18.0152 2456  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:35:18.0152 2456  fdc - ok
21:35:18.0183 2456  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:35:18.0183 2456  fdPHost - ok
21:35:18.0198 2456  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:35:18.0198 2456  FDResPub - ok
21:35:18.0230 2456  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:35:18.0230 2456  FileInfo - ok
21:35:18.0230 2456  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:35:18.0245 2456  Filetrace - ok
21:35:18.0261 2456  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:18.0261 2456  flpydisk - ok
21:35:18.0276 2456  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:35:18.0276 2456  FltMgr - ok
21:35:18.0339 2456  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:35:18.0354 2456  FontCache - ok
21:35:18.0401 2456  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:35:18.0401 2456  FontCache3.0.0.0 - ok
21:35:18.0417 2456  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:35:18.0417 2456  FsDepends - ok
21:35:18.0448 2456  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:35:18.0448 2456  Fs_Rec - ok
21:35:18.0495 2456  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:35:18.0495 2456  fvevol - ok
21:35:18.0526 2456  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:35:18.0526 2456  gagp30kx - ok
21:35:18.0542 2456  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:35:18.0542 2456  GEARAspiWDM - ok
21:35:18.0588 2456  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:35:18.0620 2456  gpsvc - ok
21:35:18.0651 2456  [ 943350B87BB0339BF61343E8AC3EF25E ] HBtnKey         C:\Windows\system32\DRIVERS\wstbtndb.sys
21:35:18.0666 2456  HBtnKey - ok
21:35:18.0682 2456  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:35:18.0682 2456  hcw85cir - ok
21:35:18.0713 2456  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:35:18.0729 2456  HdAudAddService - ok
21:35:18.0744 2456  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:35:18.0760 2456  HDAudBus - ok
21:35:18.0776 2456  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
21:35:18.0791 2456  HECIx64 - ok
21:35:18.0807 2456  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:35:18.0807 2456  HidBatt - ok
21:35:18.0822 2456  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:35:18.0822 2456  HidBth - ok
21:35:18.0838 2456  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:35:18.0838 2456  HidIr - ok
21:35:18.0854 2456  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:35:18.0869 2456  hidserv - ok
21:35:18.0885 2456  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
21:35:18.0885 2456  HidUsb - ok
21:35:18.0916 2456  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:35:18.0932 2456  hkmsvc - ok
21:35:18.0963 2456  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:35:18.0963 2456  HomeGroupListener - ok
21:35:19.0025 2456  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:35:19.0041 2456  HomeGroupProvider - ok
21:35:19.0056 2456  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:35:19.0072 2456  HpSAMD - ok
21:35:19.0119 2456  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:35:19.0134 2456  HTTP - ok
21:35:19.0166 2456  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:35:19.0181 2456  hwpolicy - ok
21:35:19.0212 2456  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:35:19.0212 2456  i8042prt - ok
21:35:19.0244 2456  [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:35:19.0259 2456  iaStor - ok
21:35:19.0290 2456  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:35:19.0306 2456  iaStorV - ok
21:35:19.0337 2456  [ 16A43ABB5A334C7842F4A60CF9FF8041 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:35:19.0337 2456  IBMPMDRV - ok
21:35:19.0353 2456  [ 32B778CCF1F3B1458EDDA98FB8431EAC ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
21:35:19.0368 2456  IBMPMSVC - ok
21:35:19.0400 2456  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:35:19.0431 2456  idsvc - ok
21:35:19.0712 2456  [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:35:19.0977 2456  igfx - ok
21:35:20.0008 2456  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:35:20.0008 2456  iirsp - ok
21:35:20.0055 2456  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:35:20.0086 2456  IKEEXT - ok
21:35:20.0102 2456  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
21:35:20.0102 2456  Impcd - ok
21:35:20.0133 2456  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:35:20.0133 2456  IntcDAud - ok
21:35:20.0180 2456  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:35:20.0180 2456  intelide - ok
21:35:20.0195 2456  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:35:20.0195 2456  intelppm - ok
21:35:20.0226 2456  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:35:20.0226 2456  IPBusEnum - ok
21:35:20.0258 2456  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:20.0258 2456  IpFilterDriver - ok
21:35:20.0289 2456  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:35:20.0304 2456  iphlpsvc - ok
21:35:20.0351 2456  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:35:20.0351 2456  IPMIDRV - ok
21:35:20.0382 2456  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:35:20.0382 2456  IPNAT - ok
21:35:20.0460 2456  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:35:20.0476 2456  iPod Service - ok
21:35:20.0492 2456  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:35:20.0492 2456  IRENUM - ok
21:35:20.0507 2456  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:35:20.0507 2456  isapnp - ok
21:35:20.0538 2456  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:35:20.0538 2456  iScsiPrt - ok
21:35:20.0570 2456  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
21:35:20.0570 2456  kbdclass - ok
21:35:20.0585 2456  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
21:35:20.0585 2456  kbdhid - ok
21:35:20.0601 2456  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:35:20.0601 2456  KeyIso - ok
21:35:20.0632 2456  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:35:20.0632 2456  KSecDD - ok
21:35:20.0679 2456  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:35:20.0679 2456  KSecPkg - ok
21:35:20.0694 2456  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:35:20.0694 2456  ksthunk - ok
21:35:20.0710 2456  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:35:20.0726 2456  KtmRm - ok
21:35:20.0757 2456  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:35:20.0772 2456  LanmanServer - ok
21:35:20.0804 2456  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:35:20.0804 2456  LanmanWorkstation - ok
21:35:20.0866 2456  [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
21:35:20.0866 2456  LENOVO.MICMUTE - ok
21:35:20.0882 2456  [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi      C:\Windows\system32\DRIVERS\smiifx64.sys
21:35:20.0882 2456  lenovo.smi - ok
21:35:20.0897 2456  [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:35:20.0897 2456  Lenovo.VIRTSCRLSVC - ok
21:35:20.0913 2456  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:35:20.0913 2456  lltdio - ok
21:35:20.0944 2456  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:35:20.0960 2456  lltdsvc - ok
21:35:20.0975 2456  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:35:20.0975 2456  lmhosts - ok
21:35:21.0084 2456  [ 25884CA77F8D926B69167BC231D3726E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:35:21.0100 2456  LMS - ok
21:35:21.0116 2456  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:35:21.0116 2456  LSI_FC - ok
21:35:21.0116 2456  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:35:21.0116 2456  LSI_SAS - ok
21:35:21.0131 2456  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:35:21.0131 2456  LSI_SAS2 - ok
21:35:21.0147 2456  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:35:21.0147 2456  LSI_SCSI - ok
21:35:21.0147 2456  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:35:21.0162 2456  luafv - ok
21:35:21.0178 2456  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:35:21.0194 2456  Mcx2Svc - ok
21:35:21.0194 2456  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:35:21.0194 2456  megasas - ok
21:35:21.0225 2456  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:35:21.0240 2456  MegaSR - ok
21:35:21.0240 2456  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:35:21.0256 2456  MMCSS - ok
21:35:21.0272 2456  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:35:21.0272 2456  Modem - ok
21:35:21.0303 2456  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:35:21.0303 2456  monitor - ok
21:35:21.0334 2456  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:35:21.0334 2456  mouclass - ok
21:35:21.0350 2456  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:35:21.0350 2456  mouhid - ok
21:35:21.0381 2456  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:35:21.0381 2456  mountmgr - ok
21:35:21.0428 2456  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:35:21.0428 2456  MozillaMaintenance - ok
21:35:21.0459 2456  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:35:21.0474 2456  mpio - ok
21:35:21.0474 2456  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:35:21.0474 2456  mpsdrv - ok
21:35:21.0568 2456  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:35:21.0584 2456  MpsSvc - ok
21:35:21.0615 2456  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:35:21.0630 2456  MRxDAV - ok
21:35:21.0662 2456  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:21.0662 2456  mrxsmb - ok
21:35:21.0677 2456  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:21.0677 2456  mrxsmb10 - ok
21:35:21.0693 2456  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:21.0693 2456  mrxsmb20 - ok
21:35:21.0724 2456  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:35:21.0740 2456  msahci - ok
21:35:21.0740 2456  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:35:21.0755 2456  msdsm - ok
21:35:21.0755 2456  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:35:21.0771 2456  MSDTC - ok
21:35:21.0786 2456  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:35:21.0786 2456  Msfs - ok
21:35:21.0802 2456  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:35:21.0802 2456  mshidkmdf - ok
21:35:21.0818 2456  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:35:21.0833 2456  msisadrv - ok
21:35:21.0864 2456  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:35:21.0864 2456  MSiSCSI - ok
21:35:21.0864 2456  msiserver - ok
21:35:21.0896 2456  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:35:21.0896 2456  MSKSSRV - ok
21:35:21.0911 2456  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:21.0911 2456  MSPCLOCK - ok
21:35:21.0927 2456  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:35:21.0927 2456  MSPQM - ok
21:35:21.0989 2456  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:35:22.0036 2456  MsRPC - ok
21:35:22.0067 2456  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:35:22.0067 2456  mssmbios - ok
21:35:22.0083 2456  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:35:22.0083 2456  MSTEE - ok
21:35:22.0098 2456  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:35:22.0098 2456  MTConfig - ok
21:35:22.0098 2456  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:35:22.0098 2456  Mup - ok
21:35:22.0130 2456  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:35:22.0145 2456  napagent - ok
21:35:22.0161 2456  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:35:22.0176 2456  NativeWifiP - ok
21:35:22.0223 2456  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:35:22.0239 2456  NDIS - ok
21:35:22.0254 2456  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:22.0270 2456  NdisCap - ok
21:35:22.0270 2456  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:22.0286 2456  NdisTapi - ok
21:35:22.0301 2456  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:22.0301 2456  Ndisuio - ok
21:35:22.0332 2456  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:22.0332 2456  NdisWan - ok
21:35:22.0364 2456  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:35:22.0379 2456  NDProxy - ok
21:35:22.0379 2456  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:35:22.0379 2456  NetBIOS - ok
21:35:22.0410 2456  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:35:22.0410 2456  NetBT - ok
21:35:22.0426 2456  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:35:22.0426 2456  Netlogon - ok
21:35:22.0457 2456  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:35:22.0473 2456  Netman - ok
21:35:22.0504 2456  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:35:22.0520 2456  netprofm - ok
21:35:22.0551 2456  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:35:22.0551 2456  NetTcpPortSharing - ok
21:35:22.0910 2456  [ 219A40EEEA50D638BA9D08680C354A0C ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw00.sys
21:35:23.0175 2456  NETwNs64 - ok
21:35:23.0222 2456  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:35:23.0222 2456  nfrd960 - ok
21:35:23.0253 2456  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:35:23.0268 2456  NlaSvc - ok
21:35:23.0268 2456  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:35:23.0268 2456  Npfs - ok
21:35:23.0300 2456  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:35:23.0315 2456  nsi - ok
21:35:23.0315 2456  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:35:23.0315 2456  nsiproxy - ok
21:35:23.0378 2456  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:35:23.0440 2456  Ntfs - ok
21:35:23.0456 2456  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:35:23.0456 2456  Null - ok
21:35:23.0487 2456  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:35:23.0487 2456  nvraid - ok
21:35:23.0534 2456  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:35:23.0534 2456  nvstor - ok
21:35:23.0565 2456  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:35:23.0580 2456  nv_agp - ok
21:35:23.0690 2456  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:35:23.0705 2456  odserv - ok
21:35:23.0736 2456  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:35:23.0736 2456  ohci1394 - ok
21:35:23.0783 2456  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:35:23.0783 2456  ose - ok
21:35:23.0986 2456  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:35:24.0126 2456  osppsvc - ok
21:35:24.0158 2456  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:35:24.0173 2456  p2pimsvc - ok
21:35:24.0204 2456  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:35:24.0204 2456  p2psvc - ok
21:35:24.0236 2456  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:35:24.0236 2456  Parport - ok
21:35:24.0267 2456  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:35:24.0267 2456  partmgr - ok
21:35:24.0282 2456  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:35:24.0298 2456  PcaSvc - ok
21:35:24.0329 2456  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:35:24.0329 2456  pci - ok
21:35:24.0360 2456  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:35:24.0360 2456  pciide - ok
21:35:24.0376 2456  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:35:24.0376 2456  pcmcia - ok
21:35:24.0392 2456  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:35:24.0392 2456  pcw - ok
21:35:24.0423 2456  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:35:24.0438 2456  PEAUTH - ok
21:35:24.0501 2456  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:35:24.0533 2456  PeerDistSvc - ok
21:35:24.0595 2456  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:35:24.0611 2456  PerfHost - ok
21:35:24.0767 2456  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:35:24.0798 2456  pla - ok
21:35:24.0845 2456  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:35:24.0861 2456  PlugPlay - ok
21:35:24.0892 2456  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:35:24.0892 2456  PNRPAutoReg - ok
21:35:24.0923 2456  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:35:24.0939 2456  PNRPsvc - ok
21:35:24.0970 2456  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:35:24.0985 2456  PolicyAgent - ok
21:35:25.0048 2456  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
21:35:25.0048 2456  Power - ok
21:35:25.0141 2456  [ DEED60F99C5B8E386D507860F600D509 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
21:35:25.0188 2456  Power Manager DBC Service - ok
21:35:25.0219 2456  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:35:25.0219 2456  PptpMiniport - ok
21:35:25.0251 2456  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:35:25.0251 2456  Processor - ok
21:35:25.0297 2456  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:35:25.0297 2456  ProfSvc - ok
21:35:25.0313 2456  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:35:25.0329 2456  ProtectedStorage - ok
21:35:25.0360 2456  [ 0D8A7E27BB8697EE4191BD1094C30F01 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
21:35:25.0375 2456  psadd - ok
21:35:25.0407 2456  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:35:25.0407 2456  Psched - ok
21:35:25.0453 2456  [ 68DCE950DCD2ABBB82362D383EC5836E ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
21:35:25.0516 2456  PwmEWSvc - ok
21:35:25.0578 2456  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:35:25.0609 2456  ql2300 - ok
21:35:25.0625 2456  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:35:25.0641 2456  ql40xx - ok
21:35:25.0687 2456  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:35:25.0687 2456  QWAVE - ok
21:35:25.0703 2456  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:35:25.0703 2456  QWAVEdrv - ok
21:35:25.0750 2456  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:35:25.0750 2456  RasAcd - ok
21:35:25.0781 2456  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:35:25.0781 2456  RasAgileVpn - ok
21:35:25.0828 2456  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:35:25.0828 2456  RasAuto - ok
21:35:25.0875 2456  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:25.0875 2456  Rasl2tp - ok
21:35:25.0906 2456  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:35:25.0921 2456  RasMan - ok
21:35:25.0937 2456  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:25.0937 2456  RasPppoe - ok
21:35:25.0937 2456  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:35:25.0953 2456  RasSstp - ok
21:35:25.0968 2456  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:35:25.0968 2456  rdbss - ok
21:35:25.0984 2456  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:35:25.0984 2456  rdpbus - ok
21:35:25.0999 2456  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:25.0999 2456  RDPCDD - ok
21:35:26.0046 2456  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:35:26.0046 2456  RDPDR - ok
21:35:26.0062 2456  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:35:26.0062 2456  RDPENCDD - ok
21:35:26.0077 2456  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:35:26.0077 2456  RDPREFMP - ok
21:35:26.0140 2456  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:35:26.0140 2456  RdpVideoMiniport - ok
21:35:26.0171 2456  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:35:26.0171 2456  RDPWD - ok
21:35:26.0202 2456  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:35:26.0218 2456  rdyboost - ok
21:35:26.0249 2456  [ F09087C51C6AE42AE7DABE1EB3E44C17 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:35:26.0265 2456  RegSrvc - ok
21:35:26.0280 2456  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:35:26.0280 2456  RemoteAccess - ok
21:35:26.0311 2456  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:35:26.0327 2456  RemoteRegistry - ok
21:35:26.0327 2456  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:35:26.0343 2456  RpcEptMapper - ok
21:35:26.0358 2456  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:35:26.0358 2456  RpcLocator - ok
21:35:26.0405 2456  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:35:26.0421 2456  RpcSs - ok
21:35:26.0452 2456  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:35:26.0452 2456  rspndr - ok
21:35:26.0483 2456  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
21:35:26.0483 2456  s3cap - ok
21:35:26.0499 2456  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:35:26.0499 2456  SamSs - ok
21:35:26.0514 2456  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:35:26.0514 2456  sbp2port - ok
21:35:26.0530 2456  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:35:26.0545 2456  SCardSvr - ok
21:35:26.0577 2456  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:35:26.0577 2456  scfilter - ok
21:35:26.0623 2456  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:35:26.0655 2456  Schedule - ok
21:35:26.0701 2456  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:35:26.0717 2456  SCPolicySvc - ok
21:35:26.0733 2456  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:35:26.0733 2456  SDRSVC - ok
21:35:26.0748 2456  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:35:26.0748 2456  secdrv - ok
21:35:26.0764 2456  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:35:26.0764 2456  seclogon - ok
21:35:26.0811 2456  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:35:26.0811 2456  SENS - ok
21:35:26.0842 2456  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:35:26.0842 2456  SensrSvc - ok
21:35:26.0842 2456  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:35:26.0842 2456  Serenum - ok
21:35:26.0889 2456  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:35:26.0889 2456  Serial - ok
21:35:26.0904 2456  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:35:26.0904 2456  sermouse - ok
21:35:26.0967 2456  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:35:26.0982 2456  SessionEnv - ok
21:35:27.0013 2456  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:35:27.0013 2456  sffdisk - ok
21:35:27.0029 2456  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:35:27.0029 2456  sffp_mmc - ok
21:35:27.0045 2456  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:35:27.0045 2456  sffp_sd - ok
21:35:27.0076 2456  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:35:27.0076 2456  sfloppy - ok
21:35:27.0107 2456  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:35:27.0138 2456  SharedAccess - ok
21:35:27.0185 2456  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:35:27.0201 2456  ShellHWDetection - ok
21:35:27.0263 2456  [ 3FA2CBF653544AB4EC2249B6719A3C8E ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
21:35:27.0279 2456  Shockprf - ok
21:35:27.0294 2456  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:35:27.0294 2456  SiSRaid2 - ok
21:35:27.0310 2456  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:35:27.0310 2456  SiSRaid4 - ok
21:35:27.0325 2456  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:35:27.0325 2456  Smb - ok
21:35:27.0372 2456  [ 8B4B5E4C0382D7ECBB48DC989AE20FA6 ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
21:35:27.0388 2456  SmbDrvI - ok
21:35:27.0419 2456  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:35:27.0419 2456  SNMPTRAP - ok
21:35:27.0435 2456  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:35:27.0435 2456  spldr - ok
21:35:27.0481 2456  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:35:27.0513 2456  Spooler - ok
21:35:27.0622 2456  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:35:27.0715 2456  sppsvc - ok
21:35:27.0731 2456  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:35:27.0747 2456  sppuinotify - ok
21:35:27.0778 2456  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:35:27.0793 2456  srv - ok
21:35:27.0825 2456  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:35:27.0825 2456  srv2 - ok
21:35:27.0856 2456  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:35:27.0856 2456  srvnet - ok
21:35:27.0871 2456  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:35:27.0871 2456  SSDPSRV - ok
21:35:27.0903 2456  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:35:27.0903 2456  SstpSvc - ok
21:35:28.0012 2456  [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
21:35:28.0012 2456  StarMoney 8.0 OnlineUpdate - ok
21:35:28.0074 2456  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:35:28.0074 2456  stexstor - ok
21:35:28.0137 2456  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:35:28.0152 2456  stisvc - ok
21:35:28.0183 2456  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
21:35:28.0199 2456  storflt - ok
21:35:28.0215 2456  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
21:35:28.0230 2456  StorSvc - ok
21:35:28.0261 2456  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:35:28.0261 2456  storvsc - ok
21:35:28.0324 2456  [ 289F4813EC8E844A18B5AAF64CDA428D ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
21:35:28.0324 2456  SUService - ok
21:35:28.0339 2456  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:35:28.0339 2456  swenum - ok
21:35:28.0371 2456  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:35:28.0402 2456  swprv - ok
21:35:28.0449 2456  [ 9A17BF37F3B2FB9B686214780E4F8223 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:35:28.0449 2456  SynTP - ok
21:35:28.0511 2456  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:35:28.0573 2456  SysMain - ok
21:35:28.0589 2456  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:35:28.0605 2456  TabletInputService - ok
21:35:28.0807 2456  [ F17FF4B4C50E44AF092737A53554EF06 ] TabletServiceISD C:\Program Files\Tablet\ISD\ISD_Tablet.exe
21:35:28.0870 2456  TabletServiceISD - ok
21:35:28.0948 2456  [ 11D71488730B872F41F2D31522EE52B8 ] TabletSVC       C:\Program Files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe
21:35:28.0948 2456  TabletSVC - ok
21:35:29.0010 2456  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:35:29.0026 2456  TapiSrv - ok
21:35:29.0073 2456  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:35:29.0073 2456  TBS - ok
21:35:29.0151 2456  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:35:29.0182 2456  Tcpip - ok
21:35:29.0260 2456  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:35:29.0275 2456  TCPIP6 - ok
21:35:29.0307 2456  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:35:29.0307 2456  tcpipreg - ok
21:35:29.0338 2456  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:35:29.0338 2456  TDPIPE - ok
21:35:29.0353 2456  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:35:29.0369 2456  TDTCP - ok
21:35:29.0400 2456  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:35:29.0400 2456  tdx - ok
21:35:29.0416 2456  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:35:29.0431 2456  TermDD - ok
21:35:29.0463 2456  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:35:29.0478 2456  TermService - ok
21:35:29.0494 2456  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:35:29.0509 2456  Themes - ok
21:35:29.0525 2456  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:35:29.0541 2456  THREADORDER - ok
21:35:29.0587 2456  [ 6D8E981B1E7026AD906345DAD003435F ] TouchServiceISD C:\Program Files\Tablet\ISD\ISD_TouchService.exe
21:35:29.0587 2456  TouchServiceISD - ok
21:35:29.0619 2456  [ C6A7B3A4AA4D77520BBC3A7DB0019365 ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
21:35:29.0619 2456  TPDIGIMN - ok
21:35:29.0665 2456  [ 82EF6083538F19DF83A51A433498322F ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
21:35:29.0665 2456  TPHDEXLGSVC - ok
21:35:29.0697 2456  [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
21:35:29.0697 2456  TPHKLOAD - ok
21:35:29.0712 2456  [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
21:35:29.0712 2456  TPHKSVC - ok
21:35:29.0743 2456  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
21:35:29.0743 2456  TPM - ok
21:35:29.0759 2456  [ 1DF6E6C026AD1D428687FE3B427A87BC ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
21:35:29.0759 2456  TPPWRIF - ok
21:35:29.0806 2456  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:35:29.0806 2456  TrkWks - ok
21:35:29.0884 2456  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:35:29.0899 2456  TrustedInstaller - ok
21:35:29.0931 2456  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:29.0931 2456  tssecsrv - ok
21:35:29.0962 2456  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:35:29.0962 2456  TsUsbFlt - ok
21:35:30.0024 2456  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:35:30.0024 2456  tunnel - ok
21:35:30.0055 2456  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:35:30.0055 2456  uagp35 - ok
21:35:30.0102 2456  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:35:30.0102 2456  udfs - ok
21:35:30.0133 2456  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:35:30.0133 2456  UI0Detect - ok
21:35:30.0149 2456  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:35:30.0165 2456  uliagpkx - ok
21:35:30.0211 2456  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:35:30.0211 2456  umbus - ok
21:35:30.0227 2456  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:35:30.0227 2456  UmPass - ok
21:35:30.0274 2456  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
21:35:30.0289 2456  UmRdpService - ok
21:35:30.0430 2456  [ 2B971A72C0D6BD8A710E2748353773DD ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:35:30.0508 2456  UNS - ok
21:35:30.0539 2456  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:35:30.0555 2456  upnphost - ok
21:35:30.0586 2456  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
21:35:30.0586 2456  USBAAPL64 - ok
21:35:30.0617 2456  [ EBF228A52517042DE4F38A40285BC8D9 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:30.0617 2456  usbccgp - ok
21:35:30.0664 2456  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:35:30.0664 2456  usbcir - ok
21:35:30.0679 2456  [ 6B3D5E6A9DA786EC755B00BC180C700B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:35:30.0679 2456  usbehci - ok
21:35:30.0726 2456  [ 94ABE9DA48E466BBE84C73E0C6652ED1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:35:30.0742 2456  usbhub - ok
21:35:30.0757 2456  [ 660B2C08CE7103E71EAA26F85B0B0A56 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:35:30.0757 2456  usbohci - ok
21:35:30.0804 2456  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:35:30.0804 2456  usbprint - ok
21:35:30.0820 2456  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:35:30.0835 2456  usbscan - ok
21:35:30.0851 2456  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:35:30.0851 2456  USBSTOR - ok
21:35:30.0882 2456  [ 1529632FC96032D337B298F8A285D640 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:35:30.0882 2456  usbuhci - ok
21:35:30.0913 2456  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:35:30.0913 2456  usbvideo - ok
21:35:30.0945 2456  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:35:30.0960 2456  UxSms - ok
21:35:30.0976 2456  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:35:30.0976 2456  VaultSvc - ok
21:35:30.0991 2456  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:35:30.0991 2456  vdrvroot - ok
21:35:31.0038 2456  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:35:31.0069 2456  vds - ok
21:35:31.0101 2456  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:35:31.0101 2456  vga - ok
21:35:31.0116 2456  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:35:31.0116 2456  VgaSave - ok
21:35:31.0147 2456  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:35:31.0147 2456  vhdmp - ok
21:35:31.0163 2456  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:35:31.0163 2456  viaide - ok
21:35:31.0179 2456  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
21:35:31.0194 2456  vmbus - ok
21:35:31.0194 2456  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:35:31.0194 2456  VMBusHID - ok
21:35:31.0225 2456  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:35:31.0225 2456  volmgr - ok
21:35:31.0288 2456  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:35:31.0303 2456  volmgrx - ok
21:35:31.0319 2456  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:35:31.0335 2456  volsnap - ok
21:35:31.0350 2456  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:35:31.0350 2456  vsmraid - ok
21:35:31.0413 2456  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:35:31.0491 2456  VSS - ok
21:35:31.0491 2456  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:35:31.0491 2456  vwifibus - ok
21:35:31.0506 2456  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:35:31.0506 2456  vwififlt - ok
21:35:31.0553 2456  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:35:31.0584 2456  W32Time - ok
21:35:31.0631 2456  [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
21:35:31.0631 2456  wacommousefilter - ok
21:35:31.0647 2456  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:35:31.0647 2456  WacomPen - ok
21:35:31.0678 2456  [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
21:35:31.0678 2456  wacomvhid - ok
21:35:31.0709 2456  [ EF4D5242C0E2F74BA8E74C31F57A11CB ] wacomvthid      C:\Windows\system32\DRIVERS\WacomVTHid.sys
21:35:31.0709 2456  wacomvthid - ok
21:35:31.0740 2456  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:35:31.0740 2456  WANARP - ok
21:35:31.0756 2456  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:35:31.0756 2456  Wanarpv6 - ok
21:35:31.0818 2456  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:35:31.0865 2456  wbengine - ok
21:35:31.0881 2456  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:35:31.0896 2456  WbioSrvc - ok
21:35:31.0927 2456  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:35:31.0959 2456  wcncsvc - ok
21:35:31.0974 2456  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:35:31.0974 2456  WcsPlugInService - ok
21:35:31.0990 2456  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:35:31.0990 2456  Wd - ok
21:35:32.0005 2456  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:35:32.0037 2456  Wdf01000 - ok
21:35:32.0037 2456  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:35:32.0052 2456  WdiServiceHost - ok
21:35:32.0052 2456  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:35:32.0068 2456  WdiSystemHost - ok
21:35:32.0115 2456  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:35:32.0130 2456  WebClient - ok
21:35:32.0146 2456  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:35:32.0161 2456  Wecsvc - ok
21:35:32.0177 2456  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:35:32.0177 2456  wercplsupport - ok
21:35:32.0208 2456  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:35:32.0208 2456  WerSvc - ok
21:35:32.0224 2456  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:35:32.0224 2456  WfpLwf - ok
21:35:32.0239 2456  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:35:32.0239 2456  WIMMount - ok
21:35:32.0255 2456  WinDefend - ok
21:35:32.0271 2456  WinHttpAutoProxySvc - ok
21:35:32.0302 2456  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:35:32.0302 2456  Winmgmt - ok
21:35:32.0395 2456  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:35:32.0458 2456  WinRM - ok
21:35:32.0489 2456  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:35:32.0489 2456  WinUsb - ok
21:35:32.0536 2456  [ B7CD841F39B9E3F1522E176BB8080FFA ] WISDPen         C:\Windows\system32\DRIVERS\wisdpen.sys
21:35:32.0536 2456  WISDPen - ok
21:35:32.0598 2456  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:35:32.0645 2456  Wlansvc - ok
21:35:32.0676 2456  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:35:32.0676 2456  WmiAcpi - ok
21:35:32.0754 2456  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:35:32.0754 2456  wmiApSrv - ok
21:35:32.0770 2456  WMPNetworkSvc - ok
21:35:32.0801 2456  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:35:32.0801 2456  WPCSvc - ok
21:35:32.0848 2456  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:35:32.0848 2456  WPDBusEnum - ok
21:35:32.0879 2456  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:35:32.0879 2456  ws2ifsl - ok
21:35:32.0895 2456  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:35:32.0910 2456  wscsvc - ok
21:35:32.0910 2456  WSearch - ok
21:35:33.0019 2456  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:35:33.0082 2456  wuauserv - ok
21:35:33.0129 2456  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:35:33.0129 2456  WudfPf - ok
21:35:33.0160 2456  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:35:33.0160 2456  WUDFRd - ok
21:35:33.0191 2456  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:35:33.0191 2456  wudfsvc - ok
21:35:33.0207 2456  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:35:33.0222 2456  WwanSvc - ok
21:35:33.0316 2456  [ 5BCB1F6CB749B6826BE1C0F16FF2F600 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:35:33.0347 2456  ZeroConfigService - ok
21:35:33.0363 2456  ================ Scan global ===============================
21:35:33.0378 2456  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:35:33.0425 2456  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:35:33.0441 2456  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:35:33.0472 2456  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:35:33.0503 2456  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:35:33.0503 2456  [Global] - ok
21:35:33.0503 2456  ================ Scan MBR ==================================
21:35:33.0519 2456  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:35:34.0003 2456  \Device\Harddisk0\DR0 - ok
21:35:34.0003 2456  ================ Scan VBR ==================================
21:35:34.0019 2456  [ 6A71EFE78A30EDD513D9C579C63C8C24 ] \Device\Harddisk0\DR0\Partition1
21:35:34.0019 2456  \Device\Harddisk0\DR0\Partition1 - ok
21:35:34.0050 2456  [ 8E14956F0A931D38027E0CB00DCA8A04 ] \Device\Harddisk0\DR0\Partition2
21:35:34.0050 2456  \Device\Harddisk0\DR0\Partition2 - ok
21:35:34.0066 2456  [ 1038E19639C89FA9DAD168B237F1317E ] \Device\Harddisk0\DR0\Partition3
21:35:34.0081 2456  \Device\Harddisk0\DR0\Partition3 - ok
21:35:34.0081 2456  ============================================================
21:35:34.0081 2456  Scan finished
21:35:34.0081 2456  ============================================================
21:35:34.0175 5276  Detected object count: 0
21:35:34.0175 5276  Actual detected object count: 0
21:35:58.0512 5268  Deinitialize success
          | 
|  14.11.2012, 21:41 | #4 | ||
| /// TB trainer    |   svchost.exe constantly causes network traffic Hm    Doesn't matter ... we'll keep looking anyway: Scan with Combofix 
 
				__________________  Digital privateers against malware!  No help via PM! | 
|  15.11.2012, 07:00 | #5 | 
| Account closed |   svchost.exe constantly causes network traffic Good morning, attached is the ComboFix log. Regards Code: 
  ComboFix 12-11-14.01 - Matthias 15.11.2012   6:18.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3892.1971 [GMT 1:00]
ausgeführt von:: c:\users\Matthias\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Matthias\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-15 bis 2012-11-15  ))))))))))))))))))))))))))))))
.
.
2012-11-15 05:27 . 2012-11-15 05:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-15 05:23 . 2012-11-15 05:23	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BFC3E94-3D1C-4357-9D56-59E62899ABB1}\offreg.dll
2012-11-14 09:28 . 2012-11-14 09:28	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2012-11-13 08:26 . 2012-10-17 00:31	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BFC3E94-3D1C-4357-9D56-59E62899ABB1}\mpengine.dll
2012-11-08 17:26 . 2012-11-08 17:26	--------	d-----w-	c:\program files (x86)\Cisco Systems
2012-11-02 12:06 . 2012-11-02 12:06	--------	d-sh--r-	C:\boot
2012-11-02 12:05 . 2012-11-02 12:02	129784	------w-	c:\windows\SysWow64\pxafs.dll
2012-11-02 12:05 . 2012-11-02 12:02	118520	------w-	c:\windows\SysWow64\pxinsi64.exe
2012-11-02 12:05 . 2012-11-02 12:02	116472	------w-	c:\windows\SysWow64\pxcpyi64.exe
2012-11-02 12:02 . 2012-11-02 12:02	40760	----a-w-	c:\windows\system32\drivers\psadd.sys
2012-11-02 12:02 . 2012-11-02 12:02	--------	d-----w-	c:\windows\Downloaded Installations
2012-11-02 08:07 . 2012-11-02 08:07	--------	d-----w-	c:\program files (x86)\Common Files\Intel
2012-11-02 08:05 . 2012-01-10 13:28	8313856	----a-w-	c:\windows\system32\igdumd64.dll
2012-11-02 08:05 . 2012-01-10 13:28	12311904	----a-w-	c:\windows\system32\drivers\igdkmd64.sys
2012-11-02 08:05 . 2012-01-10 12:55	7988224	----a-w-	c:\windows\SysWow64\igd10umd32.dll
2012-11-02 08:05 . 2012-01-10 12:42	18653696	----a-w-	c:\windows\system32\ig4icd64.dll
2012-11-02 08:05 . 2012-01-31 02:32	392984	----a-w-	c:\windows\system32\hkcmd.exe
2012-11-02 08:05 . 2012-01-10 12:29	13904384	----a-w-	c:\windows\SysWow64\ig4icd32.dll
2012-11-02 08:05 . 2012-01-31 02:32	4379416	----a-w-	c:\windows\system32\GfxUI.exe
2012-11-02 08:05 . 2012-01-10 12:19	146432	----a-w-	c:\windows\system32\gfxSrvc.dll
2012-11-02 08:05 . 2012-01-31 02:32	184600	----a-w-	c:\windows\system32\difx64.exe
2012-11-01 18:57 . 2012-11-01 18:57	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-01 18:57 . 2012-11-01 18:58	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-01 18:57 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-28 09:58 . 2012-10-28 09:58	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-28 09:58 . 2012-10-28 09:58	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-28 09:58 . 2012-10-28 09:58	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-10-28 09:58 . 2012-10-28 09:58	--------	d-----w-	c:\windows\system32\Macromed
2012-10-25 09:41 . 2004-07-29 20:35	1077344	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-10-25 09:41 . 2004-03-01 21:05	407104	----a-w-	c:\windows\system32\MSHFLXGD.OCX
2012-10-25 09:41 . 2004-02-11 13:37	203976	----a-w-	c:\windows\system32\RICHTX32.OCX
2012-10-25 09:28 . 2012-10-25 09:28	--------	d-----w-	c:\program files\MATLAB
2012-10-24 21:02 . 2012-10-24 21:02	--------	d-----w-	c:\programdata\Conexant
2012-10-24 20:58 . 2012-05-16 04:32	2693728	------w-	c:\windows\PWMBTHLV.EXE
2012-10-24 20:58 . 2012-05-16 04:32	29512	----a-w-	c:\windows\system32\drivers\DZHDD64.SYS
2012-10-24 20:58 . 2012-05-16 04:32	2806880	----a-w-	c:\windows\system32\PWMCP64V.cpl
2012-10-24 20:58 . 2012-05-16 04:32	19784	----a-w-	c:\windows\system32\drivers\TPPWR64V.SYS
2012-10-24 20:57 . 2012-10-24 20:57	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2012-10-24 20:57 . 2012-10-24 20:58	--------	d-----w-	c:\program files (x86)\ThinkPad
2012-10-24 20:55 . 2012-04-10 14:37	738168	----a-w-	c:\windows\system32\ISD_Touch_Tablet.dll
2012-10-24 20:55 . 2012-04-10 14:37	600440	----a-w-	c:\windows\system32\Wintab32.dll
2012-10-24 20:55 . 2012-04-10 14:37	744824	----a-w-	c:\windows\system32\ISD_Tablet.dll
2012-10-24 20:55 . 2012-04-10 14:37	507256	----a-w-	c:\windows\SysWow64\Wintab32.dll
2012-10-24 20:54 . 2012-04-10 14:37	12848	----a-w-	c:\windows\system32\drivers\wacommousefilter.sys
2012-10-24 20:54 . 2012-04-10 14:37	16168	----a-w-	c:\windows\system32\drivers\wacomvhid.sys
2012-10-24 20:54 . 2012-04-10 14:37	44656	----a-w-	c:\windows\system32\drivers\wisdpen.sys
2012-10-24 20:53 . 2011-05-23 13:33	126976	----a-w-	c:\windows\SysWow64\5U877.ax
2012-10-24 20:53 . 2011-05-23 13:33	142848	----a-w-	c:\windows\system32\5U877.ax
2012-10-24 20:44 . 2012-01-14 04:41	68864	----a-w-	c:\windows\system32\drivers\stream.sys
2012-10-24 20:20 . 2011-10-05 03:41	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2012-10-24 20:20 . 2011-10-05 03:41	99328	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2012-10-24 20:20 . 2011-10-05 03:41	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2012-10-24 20:20 . 2011-10-05 03:41	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2012-10-24 20:20 . 2011-10-05 03:41	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2012-10-24 20:20 . 2011-10-05 03:41	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2012-10-24 20:20 . 2011-10-05 03:41	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2012-10-24 18:41 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-24 18:41 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-10-24 18:41 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-24 18:41 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-10-24 18:41 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-10-24 18:41 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-10-24 18:41 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-10-24 18:41 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-10-24 18:41 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-10-24 18:41 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-10-24 18:41 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-10-24 18:41 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-10-24 18:40 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-10-24 18:40 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-10-24 18:40 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-10-24 18:40 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-10-24 18:40 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-10-24 18:02 . 2012-10-24 18:02	--------	d-----w-	c:\windows\system32\SPReview
2012-10-24 18:02 . 2012-10-24 18:02	--------	d-----w-	c:\windows\system32\EventProviders
2012-10-24 17:55 . 2010-11-20 13:25	1525248	----a-w-	c:\program files\Windows Media Player\wmpnetwk.exe
2012-10-24 17:54 . 2010-11-20 13:27	223232	----a-w-	c:\windows\system32\wmpsrcwp.dll
2012-10-24 17:53 . 2010-11-20 13:27	28160	----a-w-	c:\windows\system32\shgina.dll
2012-10-24 17:52 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2012-10-24 17:49 . 2011-03-11 06:33	2565632	----a-w-	c:\windows\system32\esent.dll
2012-10-24 17:49 . 2011-03-11 06:41	166272	----a-w-	c:\windows\system32\drivers\nvstor.sys
2012-10-24 17:49 . 2011-03-11 06:41	148352	----a-w-	c:\windows\system32\drivers\nvraid.sys
2012-10-24 17:49 . 2011-03-11 06:41	107904	----a-w-	c:\windows\system32\drivers\amdsata.sys
2012-10-24 17:49 . 2011-03-11 05:33	1699328	----a-w-	c:\windows\SysWow64\esent.dll
2012-10-24 17:49 . 2011-03-11 06:41	189824	----a-w-	c:\windows\system32\drivers\storport.sys
2012-10-24 17:49 . 2011-03-11 06:41	410496	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2012-10-24 17:49 . 2011-03-11 06:41	27008	----a-w-	c:\windows\system32\drivers\amdxata.sys
2012-10-24 17:49 . 2011-03-11 06:30	96768	----a-w-	c:\windows\system32\fsutil.exe
2012-10-24 17:49 . 2011-03-11 04:37	91648	----a-w-	c:\windows\system32\drivers\USBSTOR.SYS
2012-10-24 17:49 . 2011-03-11 05:31	74240	----a-w-	c:\windows\SysWow64\fsutil.exe
2012-10-24 17:07 . 2012-10-24 17:07	--------	d-----w-	c:\program files (x86)\Microsoft
2012-10-24 17:05 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-24 17:05 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-24 17:05 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-24 16:58 . 2012-09-27 22:18	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-24 16:26 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-10-24 16:12 . 2012-10-24 16:12	--------	d-----w-	c:\program files\Tablet button
2012-10-24 16:03 . 2012-10-24 16:03	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2012-10-24 16:02 . 2012-10-24 16:02	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-10-24 15:22 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-10-24 15:22 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-10-24 15:22 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-10-24 15:22 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-10-24 15:22 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-10-24 15:12 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-10-24 15:12 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-10-24 15:12 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-24 15:12 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-24 15:12 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-10-24 15:12 . 2012-06-09 05:43	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-10-24 15:10 . 2011-05-04 05:25	2315776	----a-w-	c:\windows\system32\tquery.dll
2012-10-24 15:09 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-24 15:08 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-10-24 15:07 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2012-10-24 14:58 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-10-24 14:58 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-10-24 14:50 . 2011-01-14 06:23	163840	----a-w-	c:\windows\system32\umpo.dll
2012-10-24 07:22 . 2012-10-24 07:22	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-10-24 07:22 . 2012-10-24 07:22	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-10-24 07:19 . 2012-10-24 07:19	--------	d-----w-	c:\program files\Common Files\Lenovo
2012-10-24 07:19 . 2012-11-02 12:14	--------	d-----w-	c:\program files (x86)\Common Files\Lenovo
2012-10-24 07:07 . 2012-11-13 09:14	--------	d-----w-	c:\program files\ThinkPad
2012-10-24 07:04 . 2012-10-24 07:04	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-10-23 17:59 . 2010-10-14 17:24	148264	----a-w-	c:\windows\system32\SynTPCo4.dll
2012-10-23 17:59 . 2010-10-14 17:24	273704	----a-w-	c:\windows\system32\SynCtrl.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 18:25 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-10-24 18:24 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-09-14 08:32 . 2012-09-14 08:32	1439744	----a-w-	c:\windows\system32\BrWi209d.dll
2012-09-14 07:32 . 2012-09-14 07:32	25299	----a-w-	c:\windows\SysWow64\BRLM03A.DLL
2012-08-24 13:24 . 2012-08-24 13:24	122368	----a-w-	c:\windows\system32\TpShEvUI.exe
2012-08-24 13:24 . 2012-08-24 13:24	260608	----a-w-	c:\windows\system32\TpShCPL.cpl
2012-08-24 13:24 . 2012-08-24 13:24	478208	----a-w-	c:\windows\system32\TpShCPL.dll
2012-08-24 13:24 . 2012-08-24 13:24	222720	----a-w-	c:\windows\system32\TpShocks.exe
2012-08-21 11:01 . 2012-08-21 11:01	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-08-21 11:01	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-24 15:13	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-23 15:09	220632	----a-w-	c:\users\Matthias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-23 15:09	220632	----a-w-	c:\users\Matthias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-23 15:09	220632	----a-w-	c:\users\Matthias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"TSMResident"="c:\program files (x86)\ThinkPad\Tablettverknüpfungen\TSMRESIDENT.EXE" [2012-01-27 485336]
"TabletButton"="c:\program files (x86)\ThinkPad\Tablettverknüpfungen\TabletButton.EXE" [2010-10-27 468328]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2012-08-12 25448]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe [2010-10-27 79136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [2012-06-28 692432]
S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe [2012-04-10 5650296]
S2 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablettverknüpfungen\TSMService.exe [2012-02-08 83920]
S2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe [2012-04-10 449912]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-25 3325232]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 167040]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-07-05 27960]
S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2012-04-10 16368]
S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2012-04-10 44656]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 09:58]
.
2012-11-01 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2012-10-25 01:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-23 15:09	244696	----a-w-	c:\users\Matthias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-23 15:09	244696	----a-w-	c:\users\Matthias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-23 15:09	244696	----a-w-	c:\users\Matthias\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-31 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-31 417560]
"TpShocks"="TpShocks.exe" [2012-08-24 222720]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8x438u4z.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2012-10-23 16:44; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2012-10-24 17:19; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8x438u4z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-24 17:20; {a7c6cf7f-112c-4500-a7ea-39801a327e5f}; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8x438u4z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
FF - ExtSQL: 2012-10-24 17:20; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8x438u4z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2012-11-01 17:10; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8x438u4z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-15  06:31:30
ComboFix-quarantined-files.txt  2012-11-15 05:31
.
Vor Suchlauf: 11 Verzeichnis(se), 40.251.777.024 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 39.587.983.360 Bytes frei
.
- - End Of File - - B258A5A133E823745271B555773C0762
          | 
|  15.11.2012, 10:50 | #6 | 
| /// TB trainer    |   svchost.exe constantly causes network traffic Nothing suspicious ... There is one more thing we can test, then I'll refer you to the Windows colleagues. Please download Malwarebytes Anti-Rootkit and save it to your desktop. 
 Do not start any other file in this folder without instructions from a helper 
				__________________ --> svchost.exe constantly causes network traffic | 
|  15.11.2012, 16:12 | #7 | 
| Account closed |   svchost.exe constantly causes network traffic Well, if nothing suspicious turns up, that is a good thing too. At least as far as malware is concerned. :-) Attached, though, is the rootkit log once more. Regards Code: 
  Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.11.15.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-PC [administrator]
15.11.2012 16:09:23
mbar-log-2012-11-15 (16-09-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 26981
Time elapsed: 9 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
          | 
|  15.11.2012, 16:24 | #8 | |
| /// TB trainer    |   svchost.exe constantly causes network traffic Exactly! Good!  We still need to run a few checks now.
 Step 1: Quick scan with Malwarebytes
 Step 2: ESET Online Scanner Quote: 
 Step 3: Java update (Windows XP, Vista, 7) Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
 Step 4: AdwCleaner: find and delete adware
 Step 5: Scan with SecurityCheck Please download SecurityCheck 
				__________________  Digital privateers against malware!  No help via PM! | 
|  16.11.2012, 08:49 | #9 | 
| Account closed |   svchost.exe constantly causes network traffic Hi, attached are the requested log files. Step 1: Code: 
  Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.15.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-PC [Administrator]
15.11.2012 17:32:04
mbam-log-2012-11-15 (17-32-04).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205017
Laufzeit: 2 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
 When the scan has finished, click and then save the log file as ESET.txt on the desktop. Click Back and Finish
 I could not carry that out. I could only select Finish. However, nothing was found either.
 Step 3: Hmm... I don't have Java installed. Perhaps you meant the Flash Player; it was outdated and I have now updated it.
 Step 4: Code: 
  # AdwCleaner v2.007 - Datei am 16/11/2012 um 08:28:24 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Matthias - MATTHIAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Matthias\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default 
Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8x438u4z.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [760 octets] - [16/11/2012 08:28:24]
########## EOF - C:\AdwCleaner[S1].txt - [819 octets] ##########
         Code: 
  Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 Adobe Flash Player 11.5.502.110 Mozilla Firefox (16.0.2) ````````Process Check: objlist.exe by Laurent```````` StarMoney 8.0 S-Edition ouservice StarMoneyOnlineUpdate.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code: 
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
         Matthias | 
|  16.11.2012, 15:45 | #10 | ||||
| /// TB trainer    |   svchost.exe constantly causes network traffic Great!   That means we're done. We'll tidy up a bit now, and then at the end I have some reading material for you. Note: If you used Defogger, you can now press re-enable.
 Step 1: Uninstall Combofix
 Step 2: Tool cleanup with OTL
 Step 3: Remove AdwCleaner
 Step 4: Uninstall ESET (optional)
 Finally, some tips on the following topics: 
 With that, I wish you lots of fun surfing the Internet  ... and perhaps you would like to support Trojaner-Board? One request: Give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. 
				__________________  Digital privateers against malware!  No help via PM! | 
|  16.11.2012, 16:24 | #11 | 
| Account closed |   svchost.exe constantly causes network traffic Great, thank you very much for your time and your help! I have just one more question. We have now established that apparently no malware is responsible for my network traffic. How should I best proceed now to fix the problem? Regards | 
|  16.11.2012, 16:27 | #12 | 
| /// TB trainer    |   svchost.exe constantly causes network traffic Yep, it is probably not malware (CF did find a little, after all). Please open a new topic in the Windows forum; the colleagues there will help you further.  
				__________________  Digital privateers against malware!  No help via PM! | 
|  16.11.2012, 17:06 | #13 | 
| Account closed |   svchost.exe constantly causes network traffic By CF you probably mean ComboFix, right!? What was found there, if I may ask a really dumb question?  | 
|  16.11.2012, 17:30 | #14 | |
| /// TB trainer    |   svchost.exe constantly causes network traffic It deleted these two directories, which doesn't necessarily mean anything for now, though. Quote: 
 
				__________________  Digital privateers against malware!  No help via PM! | 
|  16.11.2012, 17:37 | #15 | 
| Account closed |   svchost.exe constantly causes network traffic Aha, OK! Good, then I thank you once again. I will then post my problem again in the Windows subforum. I have uninstalled the software so far and will follow your advice. Regards and many thanks, Matthias | 
|  | 