| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im WartungscenterWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.11.2012, 10:59
| #1 |
| |  svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Hallo zusammen, wie der Titel schon andeutet, habe ich zwei Probleme, die möglicherweise zusammengehören. 1. svchost.exe verursacht zeitweise eine 100%ige CPU-Auslastung 2. Das Wartungscenter meldete mir den Fund von "Win32/Adload.DA-Virus" zu1.: ich habe keine Ahnung, was da machen soll. Ich kann den Moment zu 2.: Das zweite Problem habe ich mit Hilfe der Microsoft-Anleitung zu beheben versucht. Allerdings wurde nichts gefunden. Vorgehen: Download der msert.exe Boot in den Abgesicherten Modus Start mit Administratorrechten keine Funde Im Abgesicherten Modus und mit Administratorrechten ausgestattet, habe ich auch avast-Antivirusprogramm Malwarebytes Anti-Malware 1.65.1 Spybot - Search & Destroy suchen lassen. Ebenfalls ohne Erfolg. Ein weiterer, gesonderter "vollständiger Test" auf Rootkits mit avast! brachte auch keine Besserung. Ich war verzweifelt und habe den Test laufen lassen. Anschließend habe ich eure Anleitung befolgt und hänge die Logfiles von defogger OTL(OTL.txt und Extras) Malwarebytes an. Ich bedanke mich schon im Voraus für euer Mitwirken. Euer Forum macht einen sehr kompetenten und übersichtlichen Eindruck. Und anscheinend kann sogar Leuten mit wenigen Vorkenntnissen geholfen werden. Weiter so! icke Hier nun die Logfiles: defogger Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:31 on 24/10/2012 (Icke)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 25.10.2012 21:18:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Icke\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,75% Memory free 7,93 Gb Paging File | 6,59 Gb Available in Paging File | 83,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 107,42 Gb Total Space | 54,56 Gb Free Space | 50,79% Space Free | Partition Type: NTFS Drive E: | 179,73 Gb Total Space | 36,92 Gb Free Space | 20,54% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 9,68 Gb Free Space | 99,09% Space Free | Partition Type: NTFS Computer Name: ICKE-THINK | User Name: Icke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.24 14:24:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe PRC - [2012.08.21 13:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 13:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.07.28 00:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.28 05:07:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2011.12.07 14:48:06 | 000,680,960 | ---- | M] () -- E:\Programme\NX8\License Server\ugslmd.exe PRC - [2011.11.04 17:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.07.12 20:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2011.07.12 18:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2011.07.12 18:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2009.08.20 04:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009.08.07 08:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.07.07 13:16:28 | 001,510,152 | ---- | M] (Acresso Software Inc.) -- E:\Programme\NX8\License Server\lmgrd.exe PRC - [2008.01.16 12:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2011.08.11 13:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2011.03.29 21:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2009.07.29 18:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 05:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.09 22:48:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.23 16:21:19 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.21 13:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.28 00:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:29:06 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 22:57:42 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.07.03 22:50:59 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2012.07.03 22:50:58 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.05.23 01:12:02 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.02.28 05:07:00 | 000,244,800 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2012.02.28 05:07:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2011.11.01 15:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.11.01 15:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.10.21 17:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.20 20:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2011.10.19 16:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.10.13 19:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.12 18:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 18:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 18:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.07.12 18:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010.12.10 19:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.15 08:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Programme\SolidWorks2010\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost) SRV - [2009.08.07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.08.05 00:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.05 00:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.08.05 00:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10) SRV - [2009.08.05 00:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10) SRV - [2009.08.05 00:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009.07.07 13:16:28 | 001,510,152 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- E:\Programme\NX8\License Server\lmgrd.exe -- (UGS License Server (ugslmd) SRV - [2009.06.11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.01.16 12:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.01.04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06000000}_0) DRV:64bit: - [2012.09.26 19:53:00 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.09.20 08:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudobex.sys -- (ssudobex) DRV:64bit: - [2012.09.20 08:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 08:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.08.21 13:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.08.21 13:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.08.21 13:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.08.21 13:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.08.21 13:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.08.21 13:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.03.30 23:48:19 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2012.03.01 10:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.28 05:07:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012.02.15 06:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.12.27 05:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.12.23 15:30:56 | 000,412,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.10.31 17:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.10.19 16:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.10.19 16:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.08.11 13:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2011.06.10 08:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.29 21:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2011.03.29 21:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2011.03.11 10:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 10:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.13 13:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.11.20 17:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.09.07 16:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2010.01.27 13:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.09.15 15:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.08.07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.30 04:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.30 04:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2009.07.14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 04:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.14 03:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.07.01 07:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.01 07:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.01 07:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.06.11 01:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.11 01:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.11 01:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.11 00:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.11 00:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.07 10:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2006.10.13 03:21:00 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVicPort64.sys -- (TVicPort64) DRV - [2009.07.14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2ABD4A28-5F89-4E40-BD3C-4D075F6ABB21} IE:64bit: - HKLM\..\SearchScopes\{2ABD4A28-5F89-4E40-BD3C-4D075F6ABB21}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {C9EE8ABB-94BF-4751-B615-B37F2FF43682} IE - HKLM\..\SearchScopes\{C9EE8ABB-94BF-4751-B615-B37F2FF43682}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ecosia.org/ IE - HKCU\..\SearchScopes,DefaultScope = {F94031AA-DDAB-44F2-892F-1E2FD8A54053} IE - HKCU\..\SearchScopes\{F94031AA-DDAB-44F2-892F-1E2FD8A54053}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch IE - HKCU\..\SearchScopes\{F9AA3DC2-9818-4F52-8287-1AF4DD4732D8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org" FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: firegestures@xuldev.org:1.6.18 FF - prefs.js..network.proxy.http: "192.168.54.1" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.socks_version: 4 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: E:\Programme\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.23 16:21:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.03 10:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Extensions [2012.10.25 19:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions [2012.09.16 20:16:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.25 19:22:50 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.09.17 11:16:02 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\en-US@dictionaries.addons.mozilla.org [2012.09.28 11:44:16 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\firefox@ghostery.com [2012.10.07 19:04:08 | 000,142,418 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\firegestures@xuldev.org.xpi [2012.08.24 11:39:15 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.07.26 13:59:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.02 10:40:35 | 000,002,289 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\searchplugins\ecosia.xml [2012.05.03 10:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.23 16:21:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 05:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.23 16:21:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 05:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 05:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 05:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 05:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.11 01:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Adblock IE) - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Programme\MGTEK\Adblock IE\adblockie.dll (MGTEK) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Adblock IE) - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Element Behavior) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33C2304C-DFED-4FFA-8E36-EE693227F40B}: DhcpNameServer = 192.168.0.1 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.10 20:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{4188176f-faa4-11de-a469-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4188176f-faa4-11de-a469-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.11 01:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.24 14:24:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [2012.10.15 12:38:24 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudobex.sys [2012.10.15 12:38:24 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012.10.15 12:38:24 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2012.10.15 12:33:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2012.10.15 12:33:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.10.15 12:09:53 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\Cell [2012.10.15 12:08:48 | 000,000,000 | ---D | C] -- C:\Temp [2012.10.07 22:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TPFanControl [2012.10.07 21:04:38 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.10.07 21:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.09.29 19:07:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Recorded TV [2012.09.29 19:07:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Recorded Audio [2012.09.29 19:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp Remote [2012.09.29 19:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\OrbNetworks [2012.09.28 12:08:46 | 000,000,000 | ---D | C] -- C:\Users\Icke\Documents\Stronghold 3 [2012.09.28 12:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2012.09.26 20:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.25 20:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.25 20:42:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.24 14:40:50 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 14:40:50 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.24 14:37:13 | 001,654,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.24 14:37:13 | 000,714,880 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.24 14:37:13 | 000,665,854 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.24 14:37:13 | 000,154,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.24 14:37:13 | 000,124,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.24 14:32:13 | 3193,589,760 | -HS- | M] () -- C:\hiberfil.sys [2012.10.24 14:31:01 | 000,000,020 | ---- | M] () -- C:\Users\Icke\defogger_reenable [2012.10.24 14:24:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [2012.10.24 14:23:57 | 000,050,477 | ---- | M] () -- C:\Users\Icke\Desktop\Defogger.exe [2012.10.16 10:28:32 | 000,000,107 | ---- | M] () -- C:\Users\Icke\Desktop\Hotspot ON.bat [2012.10.07 22:36:41 | 000,000,647 | ---- | M] () -- C:\Users\Public\Desktop\TPFanControl.lnk [2012.10.07 21:04:37 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2012.09.26 15:57:16 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.24 14:31:01 | 000,000,020 | ---- | C] () -- C:\Users\Icke\defogger_reenable [2012.10.24 14:23:57 | 000,050,477 | ---- | C] () -- C:\Users\Icke\Desktop\Defogger.exe [2012.10.16 10:26:33 | 000,000,107 | ---- | C] () -- C:\Users\Icke\Desktop\Hotspot ON.bat [2012.10.16 10:26:33 | 000,000,029 | ---- | C] () -- C:\Users\Icke\Desktop\Hotspot OFF.bat [2012.10.07 22:36:41 | 000,000,647 | ---- | C] () -- C:\Users\Public\Desktop\TPFanControl.lnk [2012.10.07 21:04:37 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012.09.09 12:53:22 | 000,001,158 | ---- | C] () -- C:\Users\Icke\AppData\Roaming\ShiftN.ini [2012.07.10 13:43:03 | 000,017,408 | ---- | C] () -- C:\Users\Icke\AppData\Local\WebpageIcons.db [2012.07.03 22:55:32 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2012.05.23 20:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 20:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 20:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 20:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 20:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.02.15 06:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 06:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.31 08:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 02:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.02.13 06:09:20 | 000,007,605 | ---- | C] () -- C:\Users\Icke\AppData\Local\Resmon.ResmonCfg [2009.02.14 20:56:48 | 000,090,961 | ---- | C] () -- C:\Program Files (x86)\Russian.xml [2008.10.30 13:49:34 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb ========== ZeroAccess Check ========== [2009.07.14 08:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 09:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 08:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 05:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 05:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.13 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\Audacity [2012.04.13 20:56:58 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\DAEMON Tools Lite [2012.10.21 16:26:21 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\Dropbox [2012.08.16 12:18:42 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\gnupg [2012.04.13 20:56:59 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\IM [2012.09.11 14:16:02 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\InterZet [2012.05.06 00:16:28 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\JAM Software [2012.04.13 20:56:59 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\KeePass [2012.07.02 15:36:48 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\Mathsoft [2012.08.31 17:10:00 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\NetSpeedMonitor [2012.04.13 20:57:03 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\Opera [2012.09.21 15:48:47 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1 [2012.05.14 17:15:28 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\pdfforge [2012.04.13 20:57:05 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\PwrMgr [2012.04.13 20:57:05 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\RapidSolution [2012.06.02 12:54:00 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\Samsung [2012.05.25 23:12:16 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\The Creative Assembly [2012.04.13 20:59:42 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\Trillian [2012.10.22 23:40:57 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Extras.txt: Code:
ATTFilter
OTL Extras logfile created on: 25.10.2012 21:18:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Icke\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,75% Memory free
7,93 Gb Paging File | 6,59 Gb Available in Paging File | 83,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,42 Gb Total Space | 54,56 Gb Free Space | 50,79% Space Free | Partition Type: NTFS
Drive E: | 179,73 Gb Total Space | 36,92 Gb Free Space | 20,54% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 9,68 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Computer Name: ICKE-THINK | User Name: Icke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BABF2A1-637A-4084-B292-E826DE7F3D7B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0C26AEA7-064F-4B03-A201-84B72ED98AA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F8EA7B3-E292-484B-B0AD-C2E0CBD0143F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16D72E81-97DD-4164-AF2B-C5325CCBEDAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{255EC4DA-CF94-4375-9FE6-E26FF4184679}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{27F8B943-AC7F-42B2-95AC-EC0478B3F24D}" = rport=137 | protocol=17 | dir=out | app=system |
"{295CA60B-6ABD-4F0D-A7D2-7B7487B7F04B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35DF6FD2-168E-48A3-A2E8-6FAC54E46292}" = lport=445 | protocol=6 | dir=in | app=system |
"{39325C29-3CEA-458C-A697-582DA7A686D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3D325A04-A17C-489D-A6D3-58DBD5A560ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3D8928E6-7183-47A0-8C2F-D952EFE819F9}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DC69048-8F4E-45B2-9E7B-DFC0304B1636}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E8B43C8-4D64-46D6-91F4-084C8F31A362}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{446C87C0-79EC-4207-A424-EA71436840B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47419B5F-9F02-40AF-905F-442A9FE0D319}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A3022C4-CC69-426C-BDF1-0E900549481D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{4F09F633-F70D-4F71-9DCE-C725EB2D16FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51D5610F-B1ED-46B7-951C-AF560A260952}" = lport=139 | protocol=6 | dir=in | app=system |
"{6118851B-8F0D-45C2-9C64-94E7F2A383CB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6374B30D-4054-47A9-A957-2E8D38571F65}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{673F571D-15BD-47F1-BED1-2E3AF1BFBEB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68989FFF-A070-4EE7-A790-3B019264970C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D5E4531-0309-4657-ABC8-87EA06933776}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7070992C-2BD9-4068-BBBC-C2F7BACF4D36}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{70DB773A-D061-42EA-BA6A-6551FDA1D15E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73635DF1-1BE0-48B8-9113-730E56369561}" = lport=137 | protocol=17 | dir=in | app=system |
"{74556982-C81B-4A30-9010-D98366045AC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75BF8E8E-9D4A-4278-AD7C-660D89C273E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{768A9F52-9AD9-47A4-AC12-9896626514E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86639078-4FAA-4BBD-801A-F2491A572CFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86CA5F0C-4379-4870-B825-B2510AA02A64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8A2D15B9-6046-4FBC-8617-B852013DBD4A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8E3960BC-8700-4A68-BD32-FA005207FC20}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9B37623B-E0A7-4CC3-A06D-CD722DFBA21F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B33C1748-1A01-428B-9DBF-C0CBB78B5ECD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C147136A-967B-4ACC-819F-1AAFC5D568DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C193C39D-5703-426E-92A7-7EE0E57B8857}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C1F58D86-7799-4C92-9DCB-A679E9AC67E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCD27FA1-D1B2-4290-B6B0-55B2D1430BB7}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6D09F65-F8A0-48C4-9B73-8F6E1BAEA955}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F05FBBF3-F141-40FA-9251-044B6FF98569}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F13A4F41-C381-45BC-8CA2-4213FC074C3C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FF193833-6D5F-4F64-81A5-0F7CAD9F075E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017E266F-E9F3-4D80-9A8F-5838C2BF8905}" = protocol=17 | dir=in | app=e:\programme\winamp remote\bin\orbtray.exe |
"{065273DD-F0F6-4A6B-855D-4DB8E48CB2E5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{097C22C4-7D6E-480F-BF43-A55662E08621}" = protocol=6 | dir=in | app=e:\users\icke\appdata\roaming\dropbox\bin\dropbox.exe |
"{0D18E393-73F2-48E2-861A-1B4132EDCC32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{105E8DC9-77C6-432B-950E-DF97549E5C96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16C67ECE-EE4E-40F5-A3B2-191D741A6468}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{170DA58E-B06E-47B1-B3C5-BED098875DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1C401B0A-DDC3-408F-9001-83CC9EACD96A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E53021A-EF98-4657-8B0A-F6ED236C2B6F}" = protocol=6 | dir=out | app=system |
"{21B6429F-DEAE-4292-97C5-10E9172A59B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{220864F8-3598-4D9C-8A97-B897BA599C5D}" = protocol=6 | dir=in | app=e:\programme\winamp remote\bin\orb.exe |
"{22B61563-CF6D-41E8-9CC5-0ADC5F293AE2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2C417F54-C77F-4DFF-816B-B7E29832E487}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DFAE118-0386-4CBE-8B6D-4A4BE10832F5}" = protocol=17 | dir=in | app=e:\users\icke\appdata\roaming\dropbox\bin\dropbox.exe |
"{2EE6245A-116F-4910-BACA-27E0F7E9F997}" = protocol=6 | dir=in | app=e:\programme\winamp remote\bin\orbir.exe |
"{31827C46-B09E-4E5B-9934-97209FCE6AE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{32896B17-3618-4351-B3C2-A8E5D0FE72DD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{32A541E4-C6B1-4843-9ED8-2870DA89B1A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B4C5CBC-4747-4774-98AB-E5ACA5D60F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3C86C26E-F00B-4DF6-A176-784A349D8F16}" = protocol=6 | dir=in | app=e:\programme\winamp remote\bin\orbtray.exe |
"{40C5C9A3-E2BC-4A8E-85C8-5E26FE4A2160}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{45E7631A-692B-49BF-99A1-A844B09B49C8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{464D507A-6AE7-4C64-8AB0-139DC80D58B1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{489BC5E2-15C5-4D13-BDA4-BF57681EDDC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4FAFA728-7530-471C-A7F2-0DA592CFAEEE}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{51A900FB-2546-4ED9-BBB7-986739E13E24}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{52103536-0480-4185-98E2-FE7523380631}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{552EFAB3-E5BE-46EC-A952-5B75232599DE}" = protocol=17 | dir=in | app=e:\programme\winamp remote\bin\orbir.exe |
"{581B8BDC-E6A2-4CF4-B56E-BD41D4476D36}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5CB3828F-5511-4A92-8994-17B5FB212295}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5EA989E0-4D4A-4D88-AF29-4B1CC66DD198}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5EB6EDAF-7648-4413-A1D0-C380B360BEC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6D0A1853-32C7-48C8-850A-85B1262F9D12}" = protocol=6 | dir=in | app=c:\program files\solidworks2010\solidworks\swscheduler\dtscoordinatorservice.exe |
"{7413DCF7-B69E-4B79-9D01-0D7131BF1C86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7434A214-0500-4496-8324-48E40C2624C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{749BBD15-1107-4897-8E95-DB7386A3BD5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78E0F27B-2456-4400-BE61-6C9A1A8C3010}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7F4E381B-ED72-4D46-924D-247584CDD9F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{868DD805-7647-42D5-82E7-09D342E7F0CD}" = protocol=6 | dir=in | app=e:\programme\winamp remote\bin\orbstreamerclient.exe |
"{8766DFB1-9155-4EBA-BF6B-2D80744CB1F3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8836C752-FF09-4961-917C-8D7969D72D64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89D21174-E63B-49BA-9B6E-F3367FF17869}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8BC19199-5938-494A-8835-F377BA7AA061}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{9C7C9D09-A5C3-4666-B692-3AF900858698}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0DE1826-CA2E-4A6A-8417-96FCDBB24EA1}" = protocol=17 | dir=in | app=e:\programme\utorrent\utorrent.exe |
"{A56DACBD-AA35-4933-AE06-0DAAABA649D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{B2D0BC8B-1499-4CFB-8A3E-18F711EF0ECA}" = protocol=6 | dir=in | app=e:\programme\utorrent\utorrent.exe |
"{D1503485-A6E2-4618-B360-0B062D2C1544}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D50856FB-3368-4F74-AFFB-44E1E7EC2D63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDF9DDE5-CD25-40E0-B48B-098D4244D1EB}" = protocol=17 | dir=in | app=e:\programme\winamp remote\bin\orbstreamerclient.exe |
"{DF6423A0-9989-41E7-A3EA-55D21473D360}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E25AEB48-2198-4151-92A2-3075340A2045}" = protocol=17 | dir=in | app=e:\users\icke\appdata\roaming\dropbox\bin\dropbox.exe |
"{E29178B4-E6F1-4BA2-800C-46F9F84B4357}" = protocol=17 | dir=in | app=c:\program files\solidworks2010\solidworks\swscheduler\dtscoordinatorservice.exe |
"{E716A6B2-9F2E-435C-8311-250B8FC05EDB}" = protocol=6 | dir=in | app=e:\users\icke\appdata\roaming\dropbox\bin\dropbox.exe |
"{E8ECDD31-41D4-408F-B0BE-9F6E7093225B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1E2B092-7479-480D-BAF2-1EC06A56259A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2C0BC09-1F5D-4E48-B5BB-A8AA9AD96716}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F9623A8C-D69D-45A2-8B65-180400AB6D06}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FD92A07B-3A26-40FC-804F-220F5FB751A3}" = protocol=17 | dir=in | app=e:\programme\winamp remote\bin\orb.exe |
"{FF745AAF-F7FA-4451-B5E1-B4D20BE4B1F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0CD6BF0E-6D23-40A2-953E-127BD8514734}E:\programme\nx8\ugii\ugraf.exe" = protocol=6 | dir=in | app=e:\programme\nx8\ugii\ugraf.exe |
"TCP Query User{16BA6BE4-0967-492E-9F1D-02B28CFA5697}C:\interzet\z-tv\z-tv.exe" = protocol=6 | dir=in | app=c:\interzet\z-tv\z-tv.exe |
"TCP Query User{171A0A88-CD00-479D-B852-AC5A4AF77C44}C:\interzet\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\interzet\strongdc++\strongdc.exe |
"TCP Query User{347FE3DD-B67D-445F-869F-F6951AEA08A6}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{3A65CF72-4339-4E1B-96C4-A1877E6329EB}C:\interzet\z-tv\z-tv.exe" = protocol=6 | dir=in | app=c:\interzet\z-tv\z-tv.exe |
"TCP Query User{775FB6BC-F3E2-4485-A6D7-454663707405}E:\spiele\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=e:\spiele\stronghold 3\bin\win32_release\stronghold3.exe |
"TCP Query User{A67F5585-41A8-40B9-9406-BD104AA238D2}E:\programme\nx8\ugii\ugraf.exe" = protocol=6 | dir=in | app=e:\programme\nx8\ugii\ugraf.exe |
"TCP Query User{BDCA84CF-49A2-4DB5-8AF6-4A2D17C5E2A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1D281B83-7C8A-4832-8280-0BA557CEE140}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{4202CD6D-11DE-4C02-A998-9947B8FCCCBF}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{5B1D032E-33FC-4861-BC03-3CA24B480219}E:\programme\nx8\ugii\ugraf.exe" = protocol=17 | dir=in | app=e:\programme\nx8\ugii\ugraf.exe |
"UDP Query User{5C71192F-4C0A-43FC-81C7-F2D29E8EB33A}E:\spiele\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=e:\spiele\stronghold 3\bin\win32_release\stronghold3.exe |
"UDP Query User{80064EDD-601E-478B-A4B1-4D09501AE202}C:\interzet\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\interzet\strongdc++\strongdc.exe |
"UDP Query User{CF9A201E-CBDB-4B8D-96EE-AD5121C5F477}C:\interzet\z-tv\z-tv.exe" = protocol=17 | dir=in | app=c:\interzet\z-tv\z-tv.exe |
"UDP Query User{D695A152-7DDB-4C50-8A1D-FC8D1812B792}C:\interzet\z-tv\z-tv.exe" = protocol=17 | dir=in | app=c:\interzet\z-tv\z-tv.exe |
"UDP Query User{E20C3033-4F9E-4A90-9D6B-63C98FC4F067}E:\programme\nx8\ugii\ugraf.exe" = protocol=17 | dir=in | app=e:\programme\nx8\ugii\ugraf.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09D47015-4E54-4F39-A362-56AA860987AB}" = Russisch - ME
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0 x64 Edition
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51676C0E-2D18-49F3-A1BE-005DE2654168}" = Siemens NX 8.0
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{58160868-037B-42CD-B575-AF804A2F0F47}" = Adblock IE 1.1
"{5ECBC7E9-4426-4BA2-91E0-B80C960AC132}" = Russisch - Custom
"{5F352F3C-160B-713A-A031-18293EC4CA5A}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1" = TPFanControl v0.62
"{7A80B61A-72A1-7800-C4B0-855F056243DA}" = ccc-utility64
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F12D74-C53F-6276-73CB-851E73482270}" = AMD Drag and Drop Transcoding
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C4171DD9-EED6-2613-312A-FC8E168E7C3B}" = AMD Accelerated Video Transcoding
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{E9173A5F-22A6-4152-848E-45851DB99162}" = SolidWorks 2010 x64 Edition SP0
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0D12EED917642F81501AB8731CEFC39641FB12CF" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc (06/04/2009 7.0.0.1013)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"4F8C829E03DB3C4ACA41DAA8ACFF40A7E37DB808" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/24/2009 6.0.1.5880)
"97BC12BC08DF3620DB6595D0CE3B078F10B7CA56" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/24/2009 5.10.0.5880)
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"VLC media player" = VLC media player 2.0.2
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish
"{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish
"{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish
"{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish
"{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E4125CE-DDCF-8CF6-5A4E-88735CF284F9}" = Gapminder Desktop
"{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English
"{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
"{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2007
"{90120000-0015-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2007
"{90120000-0016-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2007
"{90120000-0017-0419-0000-0000000FF1CE}_OMUI.ru-ru_{1CC57A7C-CA54-4228-A2B4-9853543EB6F7}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2007
"{90120000-0018-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2007
"{90120000-0019-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2007
"{90120000-001A-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2007
"{90120000-001B-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_OMUI.ru-ru_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007
"{90120000-001F-0422-0000-0000000FF1CE}_OMUI.ru-ru_{E23630A0-8B0D-4145-9CEA-9B4967CDDC0E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0419-1000-0000000FF1CE}_OMUI.ru-ru_{8D43357C-7ED3-4E4C-9804-DB84C67823BC}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2007
"{90120000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2007
"{90120000-0044-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2007
"{90120000-006E-0419-0000-0000000FF1CE}_OMUI.ru-ru_{8D43357C-7ED3-4E4C-9804-DB84C67823BC}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2007
"{90120000-00A1-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2007
"{90120000-00BA-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2007
"{90120000-0100-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2007
"{90120000-0101-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABF2877B-DDCF-7527-BC7D-685F441AE161}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B40EED7A-63D4-4ED2-910D-9A64FF94DF22}" = UGSLicensing
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}" = MPlayer für Windows (Full Package)
"{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"DAEMON Tools Lite" = DAEMON Tools Lite
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"iZet 1.06" = iZet 1.06
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.ru-ru" = Microsoft Office Language Pack 2007 - Russian/русский
"Opera 12.02.1578" = Opera 12.02
"Orb" = Winamp Remote
"org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1" = Gapminder Desktop
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"ShiftN_is1" = ShiftN 3.6.1
"SolidWorks Installation Manager 20100-40000-1100-100" = SolidWorks 2010 x64 Edition SP0
"SpeedFan" = SpeedFan (remove only)
"StrongDC++ 2.42" = StrongDC++ 2.42
"TreeSize Free_is1" = TreeSize Free V2.7
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WizMouse_is1" = WizMouse v1.6.0.2
"Zattoo4" = Zattoo4 4.0.5
"Z-TV -" = Z-TV -
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.08.2012 11:09:20 | Computer Name = Icke-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000532d0
ID
des fehlerhaften Prozesses: 0xe50 Startzeit der fehlerhaften Anwendung: 0x01cd81075ecd406c
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: d835116b-eec6-11e1-b7a6-904ce5e43bc7
Error - 01.09.2012 14:18:32 | Computer Name = Icke-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0xb24 Startzeit der fehlerhaften Anwendung: 0x01cd845920550cf0
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 6f9d3a69-f461-11e1-a21a-904ce5e43bc7
Error - 03.09.2012 15:12:25 | Computer Name = Icke-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DUI70.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdf25 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000013639
ID
des fehlerhaften Prozesses: 0xaa4 Startzeit der fehlerhaften Anwendung: 0x01cd89cc5d8c6770
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\DUI70.dll Berichtskennung: 4b7004c9-f5fb-11e1-812c-904ce5e43bc7
Error - 05.09.2012 02:58:07 | Computer Name = Icke-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x14e8 Startzeit der fehlerhaften Anwendung: 0x01cd8a0811a252c0
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0ba3a155-f727-11e1-812c-904ce5e43bc7
Error - 05.09.2012 13:37:48 | Computer Name = Icke-THINK | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 13c8 Startzeit: 01cd8b33d86d246b Endzeit: 0 Anwendungspfad:
C:\Windows\Explorer.EXE Berichts-ID: 643ee801-f780-11e1-812c-904ce5e43bc7
Error - 12.09.2012 04:50:17 | Computer Name = Icke-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038dc9 ID des fehlerhaften
Prozesses: 0x72c Startzeit der fehlerhaften Anwendung: 0x01cd90c327533efd Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: df670c74-fcb6-11e1-8002-904ce5e43bc7
Error - 12.09.2012 05:35:20 | Computer Name = Icke-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0xe88 Startzeit der fehlerhaften Anwendung: 0x01cd90c30df9caed
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2a9cfd26-fcbd-11e1-8002-904ce5e43bc7
Error - 12.09.2012 13:32:41 | Computer Name = Icke-THINK | Source = Application Hang | ID = 1002
Description = Programm izet.exe, Version 1.7.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b4 Startzeit: 01cd90e25039105b
Endzeit:
10 Anwendungspfad: C:\InterZet\iZet\izet.exe Berichts-ID: d7eb8824-fcff-11e1-8002-904ce5e43bc7
Error - 13.09.2012 12:26:36 | Computer Name = Icke-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version:
6.1.7601.17514, Zeitstempel: 0x4ce7c6a8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000003b345
ID
des fehlerhaften Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung: 0x01cd91115e07eaee
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\system32\EXPLORERFRAME.dll Berichtskennung: c9633f64-fdbf-11e1-adee-904ce5e43bc7
Error - 13.09.2012 17:05:43 | Computer Name = Icke-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1690 Startzeit der fehlerhaften Anwendung: 0x01cd91cc92b6e429
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c7550909-fde6-11e1-adee-904ce5e43bc7
[ Lenovo-Lenovo Patch Utility/Admin Events ]
Error - 08.10.2012 01:28:11 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
Error - 08.10.2012 01:28:11 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
Error - 08.10.2012 01:28:11 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
Error - 08.10.2012 01:28:12 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to get available patch. Return 2.
Error - 08.10.2012 01:28:12 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to get available patch. Return 2.
Error - 08.10.2012 01:28:12 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to get available patch. Return 2.
Error - 08.10.2012 01:28:12 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to get available patch. Return 2.
Error - 17.10.2012 12:48:33 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
konnten nicht übersetzt werden.
Error - 17.10.2012 12:48:39 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
Error - 17.10.2012 12:48:39 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
[ Lenovo-Message Center Plus/Admin Events ]
Error - 11.02.2010 10:11:11 | Computer Name = Icke-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
[ System Events ]
Error - 01.08.2012 02:59:55 | Computer Name = Icke-THINK | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 01.08.2012 02:59:55 | Computer Name = Icke-THINK | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 02.08.2012 02:36:19 | Computer Name = Icke-THINK | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 02.08.2012 09:08:08 | Computer Name = Icke-THINK | Source = DCOM | ID = 10010
Description =
Error - 03.08.2012 03:19:19 | Computer Name = Icke-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 03.08.2012 04:43:30 | Computer Name = Icke-THINK | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 04.08.2012 03:34:11 | Computer Name = Icke-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 04.08.2012 05:19:41 | Computer Name = Icke-THINK | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 04.08.2012 07:36:41 | Computer Name = Icke-THINK | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 04.08.2012 08:01:26 | Computer Name = Icke-THINK | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.09.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Icke :: ICKE-THINK [Administrator] 09.11.2012 13:42:02 mbam-log-2012-11-09 (13-42-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 236530 Laufzeit: 8 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
10.11.2012, 11:23
| #2 |
| /// TB-Ausbilder   | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Schritt 1 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 2 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
11.11.2012, 21:58
| #3 |
| | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Hi Matthias,
__________________danke für die schnelle Antwort. hier die Logfiles: Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-12 00:47:00
-----------------------------
00:47:00.720 OS Version: Windows x64 6.1.7601 Service Pack 1
00:47:00.720 Number of processors: 2 586 0x170A
00:47:00.720 ComputerName: ICKE-THINK UserName: Icke
00:47:01.469 Initialize success
00:47:01.516 AVAST engine defs: 12111100
00:47:07.678 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:47:07.678 Disk 0 Vendor: HITACHI_ PB3Z Size: 305245MB BusType: 3
00:47:07.694 Disk 0 MBR read successfully
00:47:07.694 Disk 0 MBR scan
00:47:07.694 Disk 0 unknown MBR code
00:47:07.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
00:47:07.709 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110000 MB offset 2459648
00:47:07.709 Disk 0 Partition - 00 0F Extended LBA 184043 MB offset 227739648
00:47:07.740 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
00:47:07.772 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 184042 MB offset 227741696
00:47:07.772 Disk 0 scanning C:\Windows\system32\drivers
00:47:16.274 Service scanning
00:47:46.085 Modules scanning
00:47:46.085 Disk 0 trace - called modules:
00:47:46.116 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
00:47:46.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057a3530]
00:47:46.116 3 CLASSPNP.SYS[fffff8800102743f] -> nt!IofCallDriver -> [0xfffffa8003cf8be0]
00:47:46.132 5 ACPI.sys[fffff88000f9e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004699050]
00:47:46.506 AVAST engine scan C:\Windows
00:47:47.988 AVAST engine scan C:\Windows\system32
00:50:16.516 AVAST engine scan C:\Windows\system32\drivers
00:50:28.045 AVAST engine scan C:\Users\Icke
00:50:28.388 AVAST engine scan C:\ProgramData
00:51:18.963 Scan finished successfully
00:51:43.908 Disk 0 MBR has been saved successfully to "C:\Users\Icke\Desktop\MBR.dat"
00:51:43.908 The log file has been saved successfully to "C:\Users\Icke\Desktop\aswMBR.txt"
Code:
ATTFilter
00:52:58.0645 9756 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:52:58.0760 9756 ============================================================
00:52:58.0760 9756 Current date / time: 2012/11/12 00:52:58.0760
00:52:58.0760 9756 SystemInfo:
00:52:58.0760 9756
00:52:58.0760 9756 OS Version: 6.1.7601 ServicePack: 1.0
00:52:58.0760 9756 Product type: Workstation
00:52:58.0760 9756 ComputerName: ICKE-THINK
00:52:58.0760 9756 UserName: Icke
00:52:58.0760 9756 Windows directory: C:\Windows
00:52:58.0760 9756 System windows directory: C:\Windows
00:52:58.0760 9756 Running under WOW64
00:52:58.0760 9756 Processor architecture: Intel x64
00:52:58.0760 9756 Number of processors: 2
00:52:58.0760 9756 Page size: 0x1000
00:52:58.0760 9756 Boot type: Normal boot
00:52:58.0760 9756 ============================================================
00:52:59.0435 9756 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:52:59.0443 9756 ============================================================
00:52:59.0443 9756 \Device\Harddisk0\DR0:
00:52:59.0443 9756 MBR partitions:
00:52:59.0443 9756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
00:52:59.0443 9756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0xD6D8000
00:52:59.0460 9756 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD931000, BlocksNum 0x16775000
00:52:59.0460 9756 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x13882B0
00:52:59.0460 9756 ============================================================
00:52:59.0498 9756 C: <-> \Device\Harddisk0\DR0\Partition2
00:52:59.0533 9756 Q: <-> \Device\Harddisk0\DR0\Partition4
00:52:59.0578 9756 E: <-> \Device\Harddisk0\DR0\Partition3
00:52:59.0578 9756 ============================================================
00:52:59.0578 9756 Initialize success
00:52:59.0578 9756 ============================================================
00:53:06.0706 7000 ============================================================
00:53:06.0706 7000 Scan started
00:53:06.0706 7000 Mode: Manual;
00:53:06.0706 7000 ============================================================
00:53:09.0420 7000 ================ Scan system memory ========================
00:53:09.0420 7000 System memory - ok
00:53:09.0420 7000 ================ Scan services =============================
00:53:09.0639 7000 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:53:09.0639 7000 1394ohci - ok
00:53:09.0670 7000 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:53:09.0670 7000 ACPI - ok
00:53:09.0732 7000 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:53:09.0732 7000 AcpiPmi - ok
00:53:09.0873 7000 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:53:09.0873 7000 AdobeARMservice - ok
00:53:10.0075 7000 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:53:10.0075 7000 AdobeFlashPlayerUpdateSvc - ok
00:53:10.0122 7000 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:53:10.0138 7000 adp94xx - ok
00:53:10.0153 7000 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:53:10.0153 7000 adpahci - ok
00:53:10.0169 7000 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:53:10.0169 7000 adpu320 - ok
00:53:10.0216 7000 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:53:10.0216 7000 AeLookupSvc - ok
00:53:10.0263 7000 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:53:10.0278 7000 AFD - ok
00:53:10.0325 7000 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:53:10.0325 7000 agp440 - ok
00:53:10.0356 7000 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:53:10.0356 7000 ALG - ok
00:53:10.0387 7000 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:53:10.0387 7000 aliide - ok
00:53:10.0419 7000 [ F238BE4FA4E55EB67F17281FADF69851 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:53:10.0434 7000 AMD External Events Utility - ok
00:53:10.0465 7000 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:53:10.0465 7000 amdide - ok
00:53:10.0497 7000 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:53:10.0497 7000 AmdK8 - ok
00:53:10.0684 7000 [ 2DB9047AAC9D981F59CE06D04D70C4D8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:53:11.0089 7000 amdkmdag - ok
00:53:11.0136 7000 [ 2D9005EA0BFD25C740E53C8DD3C069E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
00:53:11.0136 7000 amdkmdap - ok
00:53:11.0152 7000 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:53:11.0152 7000 AmdPPM - ok
00:53:11.0199 7000 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:53:11.0199 7000 amdsata - ok
00:53:11.0199 7000 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:53:11.0199 7000 amdsbs - ok
00:53:11.0214 7000 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:53:11.0214 7000 amdxata - ok
00:53:11.0245 7000 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
00:53:11.0261 7000 AMPPAL - ok
00:53:11.0277 7000 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
00:53:11.0277 7000 AMPPALP - ok
00:53:11.0386 7000 [ 2CC0CBF2707BE4D5B6CE6B87D9DA2F97 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
00:53:11.0386 7000 AMPPALR3 - ok
00:53:11.0433 7000 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:53:11.0433 7000 AppID - ok
00:53:11.0464 7000 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:53:11.0464 7000 AppIDSvc - ok
00:53:11.0495 7000 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
00:53:11.0495 7000 Appinfo - ok
00:53:11.0526 7000 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
00:53:11.0526 7000 AppMgmt - ok
00:53:11.0557 7000 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:53:11.0557 7000 arc - ok
00:53:11.0557 7000 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:53:11.0557 7000 arcsas - ok
00:53:11.0589 7000 [ F9278A56E92DF6B16476431B582236B4 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
00:53:11.0589 7000 aswFsBlk - ok
00:53:11.0620 7000 [ FA86861F5B30A2909F8A555ACCF10F33 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
00:53:11.0620 7000 aswMonFlt - ok
00:53:11.0651 7000 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
00:53:11.0651 7000 aswRdr - ok
00:53:11.0682 7000 [ 0CB9A8CFB177E4FBA9F3A3D7EB038AC7 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
00:53:11.0682 7000 aswSnx - ok
00:53:11.0729 7000 [ 27215E171E212EA5770406EC216F7409 ] aswSP C:\Windows\system32\drivers\aswSP.sys
00:53:11.0729 7000 aswSP - ok
00:53:11.0760 7000 [ 88AF99223812186A8046001EA22DAB86 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
00:53:11.0760 7000 aswTdi - ok
00:53:11.0776 7000 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:53:11.0776 7000 AsyncMac - ok
00:53:11.0823 7000 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:53:11.0823 7000 atapi - ok
00:53:11.0869 7000 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
00:53:11.0869 7000 AtiHDAudioService - ok
00:53:11.0994 7000 [ 2DB9047AAC9D981F59CE06D04D70C4D8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:53:12.0041 7000 atikmdag - ok
00:53:12.0103 7000 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:53:12.0103 7000 AudioEndpointBuilder - ok
00:53:12.0119 7000 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:53:12.0119 7000 AudioSrv - ok
00:53:12.0181 7000 [ FB05FF189FC5F57DE636315B1F5E56DB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
00:53:12.0181 7000 avast! Antivirus - ok
00:53:12.0228 7000 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:53:12.0244 7000 AxInstSV - ok
00:53:12.0306 7000 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:53:12.0306 7000 b06bdrv - ok
00:53:12.0337 7000 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:53:12.0337 7000 b57nd60a - ok
00:53:12.0415 7000 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
00:53:12.0415 7000 BBSvc - ok
00:53:12.0493 7000 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
00:53:12.0493 7000 BBUpdate - ok
00:53:12.0540 7000 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
00:53:12.0556 7000 BcmSqlStartupSvc - ok
00:53:12.0587 7000 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:53:12.0587 7000 BDESVC - ok
00:53:12.0618 7000 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:53:12.0618 7000 Beep - ok
00:53:12.0681 7000 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:53:12.0696 7000 BFE - ok
00:53:12.0727 7000 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
00:53:12.0727 7000 BITS - ok
00:53:12.0759 7000 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:53:12.0759 7000 blbdrive - ok
00:53:12.0790 7000 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:53:12.0790 7000 bowser - ok
00:53:12.0805 7000 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:53:12.0805 7000 BrFiltLo - ok
00:53:12.0868 7000 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:53:12.0868 7000 BrFiltUp - ok
00:53:12.0915 7000 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:53:12.0915 7000 Browser - ok
00:53:12.0930 7000 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:53:12.0930 7000 Brserid - ok
00:53:12.0946 7000 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:53:12.0946 7000 BrSerWdm - ok
00:53:12.0946 7000 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:53:12.0946 7000 BrUsbMdm - ok
00:53:12.0946 7000 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:53:12.0946 7000 BrUsbSer - ok
00:53:13.0008 7000 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
00:53:13.0008 7000 BthEnum - ok
00:53:13.0024 7000 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:53:13.0024 7000 BTHMODEM - ok
00:53:13.0039 7000 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
00:53:13.0055 7000 BthPan - ok
00:53:13.0071 7000 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
00:53:13.0086 7000 BTHPORT - ok
00:53:13.0117 7000 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:53:13.0117 7000 bthserv - ok
00:53:13.0149 7000 [ D6CEEC2F878149E4DB9FE93FA5D8FE60 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
00:53:13.0149 7000 BTHSSecurityMgr - ok
00:53:13.0180 7000 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
00:53:13.0180 7000 BTHUSB - ok
00:53:13.0227 7000 [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
00:53:13.0227 7000 btusbflt - ok
00:53:13.0242 7000 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
00:53:13.0242 7000 btwaudio - ok
00:53:13.0273 7000 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
00:53:13.0273 7000 btwavdt - ok
00:53:13.0289 7000 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
00:53:13.0289 7000 btwl2cap - ok
00:53:13.0289 7000 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
00:53:13.0305 7000 btwrchid - ok
00:53:13.0320 7000 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:53:13.0320 7000 cdfs - ok
00:53:13.0367 7000 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:53:13.0367 7000 cdrom - ok
00:53:13.0414 7000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:53:13.0414 7000 CertPropSvc - ok
00:53:13.0445 7000 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:53:13.0445 7000 circlass - ok
00:53:13.0476 7000 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:53:13.0476 7000 CLFS - ok
00:53:13.0539 7000 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:53:13.0554 7000 clr_optimization_v2.0.50727_32 - ok
00:53:13.0601 7000 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:53:13.0601 7000 clr_optimization_v2.0.50727_64 - ok
00:53:13.0648 7000 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:53:13.0679 7000 clr_optimization_v4.0.30319_32 - ok
00:53:13.0695 7000 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:53:13.0695 7000 clr_optimization_v4.0.30319_64 - ok
00:53:13.0726 7000 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:53:13.0726 7000 CmBatt - ok
00:53:13.0741 7000 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:53:13.0741 7000 cmdide - ok
00:53:13.0788 7000 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:53:13.0788 7000 CNG - ok
00:53:13.0851 7000 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:53:13.0851 7000 Compbatt - ok
00:53:13.0882 7000 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:53:13.0882 7000 CompositeBus - ok
00:53:13.0897 7000 COMSysApp - ok
00:53:13.0975 7000 [ AB82A8885AB9687D82AA51A4B4F62E2D ] CoordinatorServiceHost C:\Program Files\SolidWorks2010\SolidWorks\swScheduler\DTSCoordinatorService.exe
00:53:13.0975 7000 CoordinatorServiceHost - ok
00:53:14.0007 7000 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:53:14.0007 7000 crcdisk - ok
00:53:14.0053 7000 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:53:14.0053 7000 CryptSvc - ok
00:53:14.0100 7000 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
00:53:14.0100 7000 CSC - ok
00:53:14.0131 7000 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
00:53:14.0147 7000 CscService - ok
00:53:14.0194 7000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:53:14.0194 7000 DcomLaunch - ok
00:53:14.0241 7000 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:53:14.0241 7000 defragsvc - ok
00:53:14.0272 7000 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:53:14.0287 7000 DfsC - ok
00:53:14.0303 7000 dgderdrv - ok
00:53:14.0350 7000 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
00:53:14.0350 7000 dg_ssudbus - ok
00:53:14.0412 7000 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:53:14.0428 7000 Dhcp - ok
00:53:14.0459 7000 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:53:14.0459 7000 discache - ok
00:53:14.0506 7000 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:53:14.0506 7000 Disk - ok
00:53:14.0537 7000 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:53:14.0537 7000 Dnscache - ok
00:53:14.0584 7000 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:53:14.0584 7000 dot3svc - ok
00:53:14.0631 7000 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:53:14.0631 7000 DPS - ok
00:53:14.0662 7000 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:53:14.0662 7000 drmkaud - ok
00:53:14.0709 7000 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:53:14.0724 7000 DXGKrnl - ok
00:53:14.0740 7000 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:53:14.0740 7000 EapHost - ok
00:53:14.0818 7000 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:53:14.0896 7000 ebdrv - ok
00:53:14.0911 7000 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:53:14.0911 7000 EFS - ok
00:53:14.0958 7000 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:53:14.0974 7000 ehRecvr - ok
00:53:14.0974 7000 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:53:14.0989 7000 ehSched - ok
00:53:15.0036 7000 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:53:15.0036 7000 elxstor - ok
00:53:15.0067 7000 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:53:15.0067 7000 ErrDev - ok
00:53:15.0114 7000 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:53:15.0114 7000 EventSystem - ok
00:53:15.0192 7000 [ 532B8FF8E07F3772B086620377654F95 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
00:53:15.0208 7000 EvtEng - ok
00:53:15.0239 7000 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:53:15.0239 7000 exfat - ok
00:53:15.0255 7000 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:53:15.0255 7000 fastfat - ok
00:53:15.0333 7000 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:53:15.0333 7000 Fax - ok
00:53:15.0364 7000 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:53:15.0364 7000 fdc - ok
00:53:15.0395 7000 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:53:15.0395 7000 fdPHost - ok
00:53:15.0442 7000 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:53:15.0442 7000 FDResPub - ok
00:53:15.0504 7000 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:53:15.0504 7000 FileInfo - ok
00:53:15.0551 7000 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:53:15.0551 7000 Filetrace - ok
00:53:15.0613 7000 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:53:15.0629 7000 FLEXnet Licensing Service - ok
00:53:15.0691 7000 [ F1A9C61436E12A637A647870DD6D9EEF ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
00:53:15.0707 7000 FLEXnet Licensing Service 64 - ok
00:53:15.0738 7000 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:53:15.0738 7000 flpydisk - ok
00:53:15.0816 7000 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:53:15.0816 7000 FltMgr - ok
00:53:15.0894 7000 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
00:53:15.0910 7000 FontCache - ok
00:53:15.0972 7000 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:53:15.0972 7000 FontCache3.0.0.0 - ok
00:53:16.0050 7000 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:53:16.0050 7000 FsDepends - ok
00:53:16.0113 7000 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:53:16.0113 7000 Fs_Rec - ok
00:53:16.0159 7000 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:53:16.0159 7000 fvevol - ok
00:53:16.0191 7000 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:53:16.0191 7000 gagp30kx - ok
00:53:16.0269 7000 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:53:16.0269 7000 gpsvc - ok
00:53:16.0284 7000 gupdate - ok
00:53:16.0284 7000 gupdatem - ok
00:53:16.0315 7000 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:53:16.0315 7000 hcw85cir - ok
00:53:16.0362 7000 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:53:16.0378 7000 HdAudAddService - ok
00:53:16.0409 7000 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
00:53:16.0409 7000 HDAudBus - ok
00:53:16.0471 7000 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:53:16.0471 7000 HidBatt - ok
00:53:16.0503 7000 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:53:16.0503 7000 HidBth - ok
00:53:16.0503 7000 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:53:16.0503 7000 HidIr - ok
00:53:16.0549 7000 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:53:16.0549 7000 hidserv - ok
00:53:16.0596 7000 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:53:16.0596 7000 HidUsb - ok
00:53:16.0627 7000 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:53:16.0643 7000 hkmsvc - ok
00:53:16.0674 7000 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:53:16.0674 7000 HomeGroupListener - ok
00:53:16.0721 7000 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:53:16.0721 7000 HomeGroupProvider - ok
00:53:16.0768 7000 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:53:16.0768 7000 HpSAMD - ok
00:53:16.0830 7000 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:53:16.0846 7000 HTTP - ok
00:53:16.0877 7000 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:53:16.0893 7000 hwpolicy - ok
00:53:16.0908 7000 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:53:16.0908 7000 i8042prt - ok
00:53:16.0939 7000 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
00:53:16.0939 7000 IAANTMON - ok
00:53:16.0971 7000 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:53:16.0986 7000 iaStor - ok
00:53:17.0017 7000 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:53:17.0017 7000 iaStorV - ok
00:53:17.0064 7000 [ 2151176DB657AEFF9B873D23380C3F5B ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
00:53:17.0064 7000 IBMPMDRV - ok
00:53:17.0095 7000 [ C76A67AED080538D420550C903696788 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
00:53:17.0111 7000 IBMPMSVC - ok
00:53:17.0173 7000 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:53:17.0189 7000 idsvc - ok
00:53:17.0314 7000 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:53:17.0439 7000 igfx - ok
00:53:17.0470 7000 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:53:17.0470 7000 iirsp - ok
00:53:17.0532 7000 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:53:17.0532 7000 IKEEXT - ok
00:53:17.0641 7000 [ 28CEEFBD2C63F91DC17DED3E8D27ECF5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:53:17.0673 7000 IntcAzAudAddService - ok
00:53:17.0704 7000 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:53:17.0704 7000 intelide - ok
00:53:17.0719 7000 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:53:17.0719 7000 intelppm - ok
00:53:17.0751 7000 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:53:17.0751 7000 IPBusEnum - ok
00:53:17.0797 7000 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:53:17.0797 7000 IpFilterDriver - ok
00:53:17.0844 7000 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:53:17.0844 7000 iphlpsvc - ok
00:53:17.0875 7000 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:53:17.0875 7000 IPMIDRV - ok
00:53:17.0922 7000 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:53:17.0922 7000 IPNAT - ok
00:53:17.0938 7000 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:53:17.0938 7000 IRENUM - ok
00:53:17.0969 7000 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:53:17.0969 7000 isapnp - ok
00:53:18.0016 7000 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:53:18.0016 7000 iScsiPrt - ok
00:53:18.0047 7000 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
00:53:18.0047 7000 IviRegMgr - ok
00:53:18.0078 7000 [ E56417C56B6A7316B6F527C890A1860D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
00:53:18.0078 7000 JMCR - ok
00:53:18.0109 7000 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
00:53:18.0109 7000 kbdclass - ok
00:53:18.0141 7000 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
00:53:18.0141 7000 kbdhid - ok
00:53:18.0156 7000 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:53:18.0156 7000 KeyIso - ok
00:53:18.0187 7000 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:53:18.0187 7000 KSecDD - ok
00:53:18.0219 7000 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:53:18.0219 7000 KSecPkg - ok
00:53:18.0250 7000 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:53:18.0250 7000 ksthunk - ok
00:53:18.0297 7000 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:53:18.0297 7000 KtmRm - ok
00:53:18.0359 7000 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:53:18.0359 7000 LanmanServer - ok
00:53:18.0406 7000 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:53:18.0406 7000 LanmanWorkstation - ok
00:53:18.0468 7000 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
00:53:18.0468 7000 LENOVO.MICMUTE - ok
00:53:18.0515 7000 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
00:53:18.0515 7000 lenovo.smi - ok
00:53:18.0546 7000 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
00:53:18.0546 7000 Lenovo.VIRTSCRLSVC - ok
00:53:18.0577 7000 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:53:18.0577 7000 lltdio - ok
00:53:18.0609 7000 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:53:18.0624 7000 lltdsvc - ok
00:53:18.0640 7000 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:53:18.0640 7000 lmhosts - ok
00:53:18.0671 7000 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:53:18.0671 7000 LSI_FC - ok
00:53:18.0671 7000 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:53:18.0671 7000 LSI_SAS - ok
00:53:18.0687 7000 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:53:18.0687 7000 LSI_SAS2 - ok
00:53:18.0687 7000 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:53:18.0687 7000 LSI_SCSI - ok
00:53:18.0718 7000 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:53:18.0718 7000 luafv - ok
00:53:18.0749 7000 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:53:18.0749 7000 Mcx2Svc - ok
00:53:18.0749 7000 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:53:18.0749 7000 megasas - ok
00:53:18.0765 7000 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:53:18.0765 7000 MegaSR - ok
00:53:18.0796 7000 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:53:18.0796 7000 MMCSS - ok
00:53:18.0811 7000 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:53:18.0811 7000 Modem - ok
00:53:18.0843 7000 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:53:18.0843 7000 monitor - ok
00:53:18.0874 7000 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:53:18.0889 7000 mouclass - ok
00:53:18.0921 7000 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:53:18.0921 7000 mouhid - ok
00:53:18.0952 7000 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:53:18.0952 7000 mountmgr - ok
00:53:19.0014 7000 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:53:19.0014 7000 MozillaMaintenance - ok
00:53:19.0045 7000 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:53:19.0045 7000 mpio - ok
00:53:19.0061 7000 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:53:19.0061 7000 mpsdrv - ok
00:53:19.0123 7000 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:53:19.0123 7000 MpsSvc - ok
00:53:19.0170 7000 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:53:19.0170 7000 MRxDAV - ok
00:53:19.0201 7000 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:53:19.0201 7000 mrxsmb - ok
00:53:19.0233 7000 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:53:19.0233 7000 mrxsmb10 - ok
00:53:19.0233 7000 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:53:19.0248 7000 mrxsmb20 - ok
00:53:19.0264 7000 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:53:19.0264 7000 msahci - ok
00:53:19.0295 7000 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:53:19.0295 7000 msdsm - ok
00:53:19.0326 7000 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:53:19.0326 7000 MSDTC - ok
00:53:19.0357 7000 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:53:19.0357 7000 Msfs - ok
00:53:19.0389 7000 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:53:19.0389 7000 mshidkmdf - ok
00:53:19.0404 7000 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:53:19.0404 7000 msisadrv - ok
00:53:19.0435 7000 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:53:19.0435 7000 MSiSCSI - ok
00:53:19.0451 7000 msiserver - ok
00:53:19.0467 7000 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:53:19.0467 7000 MSKSSRV - ok
00:53:19.0498 7000 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:53:19.0498 7000 MSPCLOCK - ok
00:53:19.0513 7000 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:53:19.0513 7000 MSPQM - ok
00:53:19.0545 7000 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:53:19.0560 7000 MsRPC - ok
00:53:19.0576 7000 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:53:19.0591 7000 mssmbios - ok
00:53:19.0623 7000 MSSQL$MSSMLBIZ - ok
00:53:19.0654 7000 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
00:53:19.0654 7000 MSSQLServerADHelper - ok
00:53:19.0685 7000 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:53:19.0685 7000 MSTEE - ok
00:53:19.0701 7000 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:53:19.0701 7000 MTConfig - ok
00:53:19.0732 7000 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:53:19.0732 7000 Mup - ok
00:53:19.0763 7000 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:53:19.0779 7000 napagent - ok
00:53:19.0825 7000 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:53:19.0825 7000 NativeWifiP - ok
00:53:19.0888 7000 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:53:19.0888 7000 NDIS - ok
00:53:19.0919 7000 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:53:19.0919 7000 NdisCap - ok
00:53:19.0935 7000 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:53:19.0935 7000 NdisTapi - ok
00:53:19.0966 7000 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:53:19.0966 7000 Ndisuio - ok
00:53:19.0997 7000 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:53:20.0013 7000 NdisWan - ok
00:53:20.0059 7000 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:53:20.0059 7000 NDProxy - ok
00:53:20.0106 7000 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:53:20.0106 7000 NetBIOS - ok
00:53:20.0137 7000 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:53:20.0137 7000 NetBT - ok
00:53:20.0153 7000 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:53:20.0153 7000 Netlogon - ok
00:53:20.0215 7000 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:53:20.0215 7000 Netman - ok
00:53:20.0247 7000 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:53:20.0262 7000 netprofm - ok
00:53:20.0293 7000 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:53:20.0293 7000 NetTcpPortSharing - ok
00:53:20.0465 7000 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
00:53:20.0652 7000 NETw5s64 - ok
00:53:20.0761 7000 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
00:53:20.0871 7000 netw5v64 - ok
00:53:21.0073 7000 [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
00:53:21.0261 7000 NETwNs64 - ok
00:53:21.0292 7000 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:53:21.0292 7000 nfrd960 - ok
00:53:21.0354 7000 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:53:21.0354 7000 NlaSvc - ok
00:53:21.0370 7000 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:53:21.0370 7000 Npfs - ok
00:53:21.0401 7000 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:53:21.0401 7000 nsi - ok
00:53:21.0401 7000 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:53:21.0417 7000 nsiproxy - ok
00:53:21.0479 7000 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:53:21.0495 7000 Ntfs - ok
00:53:21.0526 7000 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:53:21.0526 7000 Null - ok
00:53:21.0557 7000 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:53:21.0557 7000 nvraid - ok
00:53:21.0573 7000 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:53:21.0573 7000 nvstor - ok
00:53:21.0604 7000 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:53:21.0604 7000 nv_agp - ok
00:53:21.0682 7000 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:53:21.0682 7000 odserv - ok
00:53:21.0697 7000 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:53:21.0713 7000 ohci1394 - ok
00:53:21.0760 7000 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:53:21.0760 7000 ose - ok
00:53:21.0791 7000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:53:21.0791 7000 p2pimsvc - ok
00:53:21.0822 7000 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:53:21.0838 7000 p2psvc - ok
00:53:21.0853 7000 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:53:21.0853 7000 Parport - ok
00:53:21.0900 7000 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:53:21.0900 7000 partmgr - ok
00:53:21.0916 7000 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:53:21.0916 7000 PcaSvc - ok
00:53:21.0947 7000 PCDSRVC{127174DC-C366ED8B-06000000}_0 - ok
00:53:21.0978 7000 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - ok
00:53:22.0009 7000 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:53:22.0009 7000 pci - ok
00:53:22.0025 7000 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:53:22.0025 7000 pciide - ok
00:53:22.0056 7000 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:53:22.0056 7000 pcmcia - ok
00:53:22.0087 7000 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:53:22.0087 7000 pcw - ok
00:53:22.0119 7000 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:53:22.0119 7000 PEAUTH - ok
00:53:22.0181 7000 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:53:22.0197 7000 PeerDistSvc - ok
00:53:22.0275 7000 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:53:22.0275 7000 PerfHost - ok
00:53:22.0337 7000 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:53:22.0368 7000 pla - ok
00:53:22.0399 7000 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:53:22.0399 7000 PlugPlay - ok
00:53:22.0431 7000 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:53:22.0431 7000 PNRPAutoReg - ok
00:53:22.0446 7000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:53:22.0446 7000 PNRPsvc - ok
00:53:22.0493 7000 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:53:22.0493 7000 PolicyAgent - ok
00:53:22.0540 7000 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
00:53:22.0540 7000 Power - ok
00:53:22.0602 7000 [ 4CADD52E1669693937360C7ED680365B ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
00:53:22.0618 7000 Power Manager DBC Service - ok
00:53:22.0649 7000 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:53:22.0649 7000 PptpMiniport - ok
00:53:22.0680 7000 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:53:22.0680 7000 Processor - ok
00:53:22.0696 7000 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:53:22.0711 7000 ProfSvc - ok
00:53:22.0727 7000 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:53:22.0727 7000 ProtectedStorage - ok
00:53:22.0758 7000 [ 05A4779E4994B21473EDBE85AABE8030 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
00:53:22.0774 7000 psadd - ok
00:53:22.0821 7000 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:53:22.0821 7000 Psched - ok
00:53:22.0852 7000 [ 71399B176DE1CAEFD5AD4287ABB9E8A3 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
00:53:22.0852 7000 PwmEWSvc - ok
00:53:22.0883 7000 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
00:53:22.0883 7000 PxHlpa64 - ok
00:53:22.0914 7000 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:53:22.0930 7000 ql2300 - ok
00:53:22.0961 7000 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:53:22.0961 7000 ql40xx - ok
00:53:22.0992 7000 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:53:22.0992 7000 QWAVE - ok
00:53:23.0008 7000 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:53:23.0008 7000 QWAVEdrv - ok
00:53:23.0023 7000 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:53:23.0023 7000 RasAcd - ok
00:53:23.0055 7000 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:53:23.0055 7000 RasAgileVpn - ok
00:53:23.0055 7000 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:53:23.0070 7000 RasAuto - ok
00:53:23.0101 7000 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:53:23.0101 7000 Rasl2tp - ok
00:53:23.0164 7000 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:53:23.0164 7000 RasMan - ok
00:53:23.0195 7000 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:53:23.0195 7000 RasPppoe - ok
00:53:23.0211 7000 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:53:23.0226 7000 RasSstp - ok
00:53:23.0273 7000 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:53:23.0273 7000 rdbss - ok
00:53:23.0289 7000 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:53:23.0289 7000 rdpbus - ok
00:53:23.0289 7000 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:53:23.0289 7000 RDPCDD - ok
00:53:23.0335 7000 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:53:23.0335 7000 RDPDR - ok
00:53:23.0351 7000 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:53:23.0351 7000 RDPENCDD - ok
00:53:23.0382 7000 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:53:23.0382 7000 RDPREFMP - ok
00:53:23.0413 7000 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:53:23.0413 7000 RDPWD - ok
00:53:23.0476 7000 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:53:23.0476 7000 rdyboost - ok
00:53:23.0554 7000 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:53:23.0569 7000 RegSrvc - ok
00:53:23.0601 7000 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:53:23.0601 7000 RemoteAccess - ok
00:53:23.0632 7000 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:53:23.0632 7000 RemoteRegistry - ok
00:53:23.0663 7000 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
00:53:23.0663 7000 RFCOMM - ok
00:53:23.0710 7000 [ 14A99FD851272C73B758546EF8F0E641 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
00:53:23.0710 7000 Roxio UPnP Renderer 10 - ok
00:53:23.0725 7000 [ BA917F2F2BD5033E70823797C73CDFCB ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
00:53:23.0741 7000 Roxio Upnp Server 10 - ok
00:53:23.0803 7000 [ 8986D20CF294D794A79FB18FF697B68B ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
00:53:23.0803 7000 RoxLiveShare10 - ok
00:53:23.0835 7000 [ D8C44229EB2495E774350529ED9BE08D ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
00:53:23.0850 7000 RoxMediaDB10 - ok
00:53:23.0866 7000 [ 53716357F4B3C99112CF0A21932C5688 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
00:53:23.0866 7000 RoxWatch10 - ok
00:53:23.0897 7000 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:53:23.0897 7000 RpcEptMapper - ok
00:53:23.0928 7000 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:53:23.0928 7000 RpcLocator - ok
00:53:23.0975 7000 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:53:23.0975 7000 RpcSs - ok
00:53:24.0022 7000 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:53:24.0022 7000 rspndr - ok
00:53:24.0069 7000 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
00:53:24.0069 7000 RTHDMIAzAudService - ok
00:53:24.0115 7000 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:53:24.0115 7000 RTL8167 - ok
00:53:24.0147 7000 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
00:53:24.0162 7000 s3cap - ok
00:53:24.0162 7000 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:53:24.0178 7000 SamSs - ok
00:53:24.0193 7000 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:53:24.0193 7000 sbp2port - ok
00:53:24.0365 7000 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService E:\Programme\Spybot - Search & Destroy\SDWinSec.exe
00:53:24.0381 7000 SBSDWSCService - ok
00:53:24.0427 7000 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:53:24.0427 7000 SCardSvr - ok
00:53:24.0474 7000 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:53:24.0474 7000 scfilter - ok
00:53:24.0537 7000 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:53:24.0552 7000 Schedule - ok
00:53:24.0583 7000 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:53:24.0583 7000 SCPolicySvc - ok
00:53:24.0630 7000 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
00:53:24.0630 7000 sdbus - ok
00:53:24.0661 7000 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:53:24.0661 7000 SDRSVC - ok
00:53:24.0693 7000 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:53:24.0693 7000 secdrv - ok
00:53:24.0739 7000 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:53:24.0739 7000 seclogon - ok
00:53:24.0771 7000 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:53:24.0771 7000 SENS - ok
00:53:24.0786 7000 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:53:24.0786 7000 SensrSvc - ok
00:53:24.0817 7000 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:53:24.0817 7000 Serenum - ok
00:53:24.0833 7000 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:53:24.0833 7000 Serial - ok
00:53:24.0849 7000 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:53:24.0849 7000 sermouse - ok
00:53:24.0911 7000 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:53:24.0911 7000 SessionEnv - ok
00:53:24.0942 7000 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:53:24.0942 7000 sffdisk - ok
00:53:24.0958 7000 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:53:24.0958 7000 sffp_mmc - ok
00:53:24.0973 7000 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:53:24.0973 7000 sffp_sd - ok
00:53:25.0005 7000 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:53:25.0005 7000 sfloppy - ok
00:53:25.0020 7000 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:53:25.0036 7000 SharedAccess - ok
00:53:25.0083 7000 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:53:25.0083 7000 ShellHWDetection - ok
00:53:25.0114 7000 [ C3F190562FE82EFDA7CCEF305EBAD3E3 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
00:53:25.0114 7000 Shockprf - ok
00:53:25.0129 7000 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:53:25.0129 7000 SiSRaid2 - ok
00:53:25.0129 7000 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:53:25.0129 7000 SiSRaid4 - ok
00:53:25.0192 7000 [ B7FBC508933553828E0948B537FD7984 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:53:25.0192 7000 SkypeUpdate - ok
00:53:25.0223 7000 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:53:25.0223 7000 Smb - ok
00:53:25.0270 7000 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:53:25.0270 7000 SNMPTRAP - ok
00:53:25.0317 7000 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
00:53:25.0317 7000 SolidWorks Licensing Service - ok
00:53:25.0426 7000 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
00:53:25.0426 7000 speedfan - ok
00:53:25.0457 7000 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:53:25.0457 7000 spldr - ok
00:53:25.0488 7000 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:53:25.0504 7000 Spooler - ok
00:53:25.0613 7000 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:53:25.0691 7000 sppsvc - ok
00:53:25.0722 7000 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:53:25.0738 7000 sppuinotify - ok
00:53:25.0753 7000 sptd - ok
00:53:25.0816 7000 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
00:53:25.0816 7000 SQLBrowser - ok
00:53:25.0863 7000 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:53:25.0863 7000 SQLWriter - ok
00:53:25.0894 7000 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:53:25.0894 7000 srv - ok
00:53:25.0925 7000 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:53:25.0925 7000 srv2 - ok
00:53:25.0972 7000 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:53:25.0972 7000 SrvHsfHDA - ok
00:53:26.0003 7000 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:53:26.0019 7000 SrvHsfV92 - ok
00:53:26.0050 7000 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:53:26.0065 7000 SrvHsfWinac - ok
00:53:26.0097 7000 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:53:26.0097 7000 srvnet - ok
00:53:26.0128 7000 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:53:26.0128 7000 SSDPSRV - ok
00:53:26.0159 7000 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:53:26.0175 7000 SstpSvc - ok
00:53:26.0221 7000 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
00:53:26.0221 7000 ssudmdm - ok
00:53:26.0268 7000 [ F161567B90721F4C42BD5F95A4C9B2D0 ] ssudobex C:\Windows\system32\DRIVERS\ssudobex.sys
00:53:26.0268 7000 ssudobex - ok
00:53:26.0299 7000 Steam Client Service - ok
00:53:26.0315 7000 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:53:26.0315 7000 stexstor - ok
00:53:26.0377 7000 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:53:26.0377 7000 stisvc - ok
00:53:26.0424 7000 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
00:53:26.0424 7000 stllssvr - ok
00:53:26.0440 7000 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
00:53:26.0455 7000 storflt - ok
00:53:26.0487 7000 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
00:53:26.0502 7000 StorSvc - ok
00:53:26.0518 7000 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
00:53:26.0518 7000 storvsc - ok
00:53:26.0549 7000 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:53:26.0549 7000 swenum - ok
00:53:26.0580 7000 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:53:26.0596 7000 swprv - ok
00:53:26.0627 7000 [ C0B7405C899C485AA0B6F9866A4061CD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:53:26.0627 7000 SynTP - ok
00:53:26.0705 7000 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:53:26.0736 7000 SysMain - ok
00:53:26.0767 7000 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:53:26.0767 7000 TabletInputService - ok
00:53:26.0799 7000 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:53:26.0799 7000 TapiSrv - ok
00:53:26.0814 7000 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:53:26.0830 7000 TBS - ok
00:53:26.0892 7000 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:53:26.0908 7000 Tcpip - ok
00:53:26.0939 7000 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:53:26.0955 7000 TCPIP6 - ok
00:53:26.0986 7000 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:53:26.0986 7000 tcpipreg - ok
00:53:27.0001 7000 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:53:27.0001 7000 TDPIPE - ok
00:53:27.0033 7000 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:53:27.0033 7000 TDTCP - ok
00:53:27.0079 7000 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:53:27.0079 7000 tdx - ok
00:53:27.0111 7000 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:53:27.0111 7000 TermDD - ok
00:53:27.0142 7000 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:53:27.0142 7000 TermService - ok
00:53:27.0173 7000 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:53:27.0189 7000 Themes - ok
00:53:27.0204 7000 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:53:27.0220 7000 THREADORDER - ok
00:53:27.0220 7000 [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
00:53:27.0220 7000 TPDIGIMN - ok
00:53:27.0251 7000 [ 88F81D810FF16AC65B02643DAF308D4F ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
00:53:27.0251 7000 TPHDEXLGSVC - ok
00:53:27.0298 7000 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
00:53:27.0298 7000 TPHKLOAD - ok
00:53:27.0345 7000 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
00:53:27.0345 7000 TPHKSVC - ok
00:53:27.0360 7000 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
00:53:27.0360 7000 TPM - ok
00:53:27.0391 7000 [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
00:53:27.0391 7000 TPPWRIF - ok
00:53:27.0423 7000 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:53:27.0423 7000 TrkWks - ok
00:53:27.0485 7000 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:53:27.0485 7000 TrustedInstaller - ok
00:53:27.0532 7000 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:53:27.0532 7000 tssecsrv - ok
00:53:27.0579 7000 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:53:27.0579 7000 TsUsbFlt - ok
00:53:27.0625 7000 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:53:27.0625 7000 tunnel - ok
00:53:27.0672 7000 TVICPORT - ok
00:53:27.0735 7000 [ A65643ED30A30E46317C0B25818BC9B7 ] TVicPort64 C:\Windows\system32\drivers\TVicPort64.sys
00:53:27.0735 7000 TVicPort64 - ok
00:53:27.0750 7000 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:53:27.0750 7000 uagp35 - ok
00:53:27.0781 7000 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:53:27.0797 7000 udfs - ok
00:53:27.0906 7000 [ A3A5DCF65B4AC8D98C7E2DD9B58B37A3 ] UGS License Server (ugslmd) E:\Programme\NX8\License Server\lmgrd.exe
00:53:27.0922 7000 UGS License Server (ugslmd) - ok
00:53:27.0969 7000 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:53:27.0969 7000 UI0Detect - ok
00:53:28.0015 7000 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:53:28.0015 7000 uliagpkx - ok
00:53:28.0062 7000 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:53:28.0062 7000 umbus - ok
00:53:28.0078 7000 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:53:28.0078 7000 UmPass - ok
00:53:28.0109 7000 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
00:53:28.0125 7000 UmRdpService - ok
00:53:28.0156 7000 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:53:28.0156 7000 upnphost - ok
00:53:28.0171 7000 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:53:28.0171 7000 usbccgp - ok
00:53:28.0187 7000 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:53:28.0187 7000 usbcir - ok
00:53:28.0203 7000 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:53:28.0203 7000 usbehci - ok
00:53:28.0249 7000 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:53:28.0249 7000 usbhub - ok
00:53:28.0281 7000 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:53:28.0281 7000 usbohci - ok
00:53:28.0312 7000 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:53:28.0312 7000 usbprint - ok
00:53:28.0312 7000 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:53:28.0327 7000 usbscan - ok
00:53:28.0343 7000 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:53:28.0343 7000 USBSTOR - ok
00:53:28.0374 7000 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:53:28.0374 7000 usbuhci - ok
00:53:28.0405 7000 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
00:53:28.0421 7000 usbvideo - ok
00:53:28.0468 7000 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
00:53:28.0468 7000 usb_rndisx - ok
00:53:28.0499 7000 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:53:28.0499 7000 UxSms - ok
00:53:28.0530 7000 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:53:28.0530 7000 VaultSvc - ok
00:53:28.0561 7000 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:53:28.0561 7000 vdrvroot - ok
00:53:28.0593 7000 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:53:28.0608 7000 vds - ok
00:53:28.0639 7000 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:53:28.0639 7000 vga - ok
00:53:28.0655 7000 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:53:28.0655 7000 VgaSave - ok
00:53:28.0671 7000 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:53:28.0686 7000 vhdmp - ok
00:53:28.0702 7000 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:53:28.0702 7000 viaide - ok
00:53:28.0717 7000 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
00:53:28.0717 7000 vmbus - ok
00:53:28.0733 7000 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
00:53:28.0749 7000 VMBusHID - ok
00:53:28.0764 7000 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:53:28.0764 7000 volmgr - ok
00:53:28.0811 7000 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:53:28.0811 7000 volmgrx - ok
00:53:28.0842 7000 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:53:28.0858 7000 volsnap - ok
00:53:28.0873 7000 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:53:28.0873 7000 vsmraid - ok
00:53:28.0936 7000 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:53:28.0951 7000 VSS - ok
00:53:28.0967 7000 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:53:28.0967 7000 vwifibus - ok
00:53:29.0014 7000 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:53:29.0014 7000 vwififlt - ok
00:53:29.0045 7000 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
00:53:29.0045 7000 vwifimp - ok
00:53:29.0076 7000 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:53:29.0092 7000 W32Time - ok
00:53:29.0107 7000 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:53:29.0107 7000 WacomPen - ok
00:53:29.0154 7000 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:53:29.0170 7000 WANARP - ok
00:53:29.0170 7000 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:53:29.0170 7000 Wanarpv6 - ok
00:53:29.0248 7000 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:53:29.0263 7000 WatAdminSvc - ok
00:53:29.0310 7000 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:53:29.0326 7000 wbengine - ok
00:53:29.0357 7000 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:53:29.0357 7000 WbioSrvc - ok
00:53:29.0404 7000 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:53:29.0419 7000 wcncsvc - ok
00:53:29.0435 7000 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:53:29.0435 7000 WcsPlugInService - ok
00:53:29.0451 7000 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:53:29.0466 7000 Wd - ok
00:53:29.0497 7000 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:53:29.0497 7000 Wdf01000 - ok
00:53:29.0513 7000 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:53:29.0529 7000 WdiServiceHost - ok
00:53:29.0529 7000 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:53:29.0529 7000 WdiSystemHost - ok
00:53:29.0575 7000 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:53:29.0575 7000 WebClient - ok
00:53:29.0591 7000 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:53:29.0591 7000 Wecsvc - ok
00:53:29.0622 7000 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:53:29.0622 7000 wercplsupport - ok
00:53:29.0638 7000 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:53:29.0638 7000 WerSvc - ok
00:53:29.0669 7000 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:53:29.0669 7000 WfpLwf - ok
00:53:29.0685 7000 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:53:29.0685 7000 WIMMount - ok
00:53:29.0700 7000 WinDefend - ok
00:53:29.0716 7000 WinHttpAutoProxySvc - ok
00:53:29.0763 7000 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:53:29.0763 7000 Winmgmt - ok
00:53:29.0841 7000 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:53:29.0872 7000 WinRM - ok
00:53:29.0919 7000 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
00:53:29.0919 7000 WinUSB - ok
00:53:29.0965 7000 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:53:29.0965 7000 Wlansvc - ok
00:53:30.0012 7000 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:53:30.0012 7000 WmiAcpi - ok
00:53:30.0043 7000 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:53:30.0043 7000 wmiApSrv - ok
00:53:30.0090 7000 WMPNetworkSvc - ok
00:53:30.0106 7000 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:53:30.0106 7000 WPCSvc - ok
00:53:30.0137 7000 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:53:30.0137 7000 WPDBusEnum - ok
00:53:30.0168 7000 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:53:30.0168 7000 ws2ifsl - ok
00:53:30.0199 7000 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
00:53:30.0199 7000 wscsvc - ok
00:53:30.0215 7000 WSearch - ok
00:53:30.0293 7000 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:53:30.0309 7000 wuauserv - ok
00:53:30.0355 7000 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:53:30.0355 7000 WudfPf - ok
00:53:30.0387 7000 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:53:30.0387 7000 WUDFRd - ok
00:53:30.0433 7000 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:53:30.0433 7000 wudfsvc - ok
00:53:30.0480 7000 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:53:30.0480 7000 WwanSvc - ok
00:53:30.0527 7000 ================ Scan global ===============================
00:53:30.0574 7000 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:53:30.0621 7000 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:53:30.0636 7000 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:53:30.0652 7000 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:53:30.0683 7000 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:53:30.0699 7000 [Global] - ok
00:53:30.0699 7000 ================ Scan MBR ==================================
00:53:30.0714 7000 [ 64D7BED8676774A49DA5E8B37D00B888 ] \Device\Harddisk0\DR0
00:53:30.0901 7000 \Device\Harddisk0\DR0 - ok
00:53:30.0901 7000 ================ Scan VBR ==================================
00:53:30.0901 7000 [ F4D5B6E66051D5BA50FCDE8C22F784E6 ] \Device\Harddisk0\DR0\Partition1
00:53:30.0917 7000 \Device\Harddisk0\DR0\Partition1 - ok
00:53:30.0917 7000 [ D5EFFC721A0AD73046CC3BE27C7B9B94 ] \Device\Harddisk0\DR0\Partition2
00:53:30.0917 7000 \Device\Harddisk0\DR0\Partition2 - ok
00:53:30.0948 7000 [ FD902F94700B4CC7D46394AB31401465 ] \Device\Harddisk0\DR0\Partition3
00:53:30.0948 7000 \Device\Harddisk0\DR0\Partition3 - ok
00:53:30.0979 7000 [ B7DEAD3994CC9FFDA96D11E039084B53 ] \Device\Harddisk0\DR0\Partition4
00:53:30.0979 7000 \Device\Harddisk0\DR0\Partition4 - ok
00:53:30.0979 7000 ============================================================
00:53:30.0979 7000 Scan finished
00:53:30.0979 7000 ============================================================
00:53:30.0995 9768 Detected object count: 0
00:53:30.0995 9768 Actual detected object count: 0
00:54:05.0724 11576 Deinitialize success
|
|
12.11.2012, 17:01
| #4 | |
| /// TB-Ausbilder | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Servus, Schritt 1 Ich sehe, dass du sogenannte Peer to Peer oder Filesharing Programme verwendest. In deinem Fall uTorrent. Diese Programme erlauben es dir, Daten mit anderen Usern auszutauschen. Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und das ist auch ein Grund warum sich Malware so schnell verbreitet. Es ist also möglich, dass du dir eine infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art von Software mit äußerster Vorsicht benutzt werden. Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt. Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office. Denoch würde ich dich ersuchen, diese Art von Software nicht weiterhin zu verwenden. Bitte gehe zu Start --> Systemsteuerung --> Software / Programme deinstallieren und deinstalliere die oben genannte Software. Bitte sag bescheid wenn Du eines der gelisteten Programme nicht finden kannst. Schritt 2 Ich sehe, dass du sog. Registry Cleaner auf dem System hast. In deinem Fall CCleaner. Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Zerstörst Du die Registry, zerstörst Du Windows. Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten. Am Ende der Bereinigung empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst. Schritt 3 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 4 Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Bitte poste mit deiner nächsten Antwort
|
|
13.11.2012, 18:41
| #5 |
| | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter utorrent deinstalliert ccleaner hatte bis jetzt keine Probleme bereitet, aber ich werde in Zukunft noch vorsichtiger damit umgehen. Die ersten beiden Logfiles sind von adwcleaner und combofix. Anschließend sind nochmal die Logfiles von tdsskiller, otl und aswmbt angehängt. Ich habe die Tests nochmals laufen lassen, als svchost gerade mal wieder die CPU zu 100% ausgelastet hat. voilà: Combofix Logfile: Code:
ATTFilter ComboFix 12-11-12.03 - Icke 13.11.2012 20:55:35.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4061.2418 [GMT 4:00]
ausgeführt von:: c:\users\Icke\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
c:\programdata\Roaming
c:\windows\SysWow64\muzapp.exe
Q:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-13 bis 2012-11-13 ))))))))))))))))))))))))))))))
.
.
2012-11-13 17:05 . 2012-11-13 17:05 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-11-13 17:05 . 2012-11-13 17:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-13 08:43 . 2012-11-13 15:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{795EE732-AD67-4037-9928-AA4BC8D4CC3C}\offreg.dll
2012-11-13 08:20 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{795EE732-AD67-4037-9928-AA4BC8D4CC3C}\mpengine.dll
2012-11-12 17:07 . 2012-11-12 17:07 -------- d-----w- c:\programdata\Navigator
2012-11-12 17:07 . 2012-11-12 17:07 -------- dc----w- c:\users\Icke\AppData\Roaming\Navigator
2012-11-12 08:07 . 2012-08-20 11:48 19032 ------w- c:\windows\system32\pwdrvio.sys
2012-11-12 08:07 . 2012-08-20 11:48 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-11-12 08:07 . 2012-08-20 11:48 12384 ------w- c:\windows\system32\pwdspio.sys
2012-11-09 09:38 . 2012-11-09 09:38 -------- dc----w- c:\users\Icke\AppData\Roaming\Malwarebytes
2012-11-09 09:38 . 2012-11-09 09:38 -------- d-----w- c:\programdata\Malwarebytes
2012-11-09 09:38 . 2012-09-29 15:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-09 08:21 . 2012-11-09 08:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-25 10:43 . 2012-09-24 19:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-15 08:38 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudobex.sys
2012-10-15 08:38 . 2012-09-20 04:35 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-10-15 08:38 . 2012-09-20 04:35 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-10-15 08:08 . 2012-10-28 20:19 -------- d-----w- C:\Temp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 21:31 . 2012-07-10 09:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 21:31 . 2012-07-10 09:36 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 10:18 . 2012-03-30 21:27 364096 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-23 10:18 . 2012-03-30 21:27 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-23 10:18 . 2012-03-30 21:27 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 10:18 . 2012-03-30 21:27 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-23 10:18 . 2012-03-30 21:27 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-23 10:17 . 2012-03-30 21:27 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 10:17 . 2012-03-30 21:27 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-23 10:17 . 2012-03-30 21:27 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-03-30 21:27 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-11 22:03 . 2010-02-06 06:55 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-26 15:53 . 2012-09-26 15:52 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-09-26 11:57 . 2012-05-23 16:49 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-09-17 16:18 . 2012-07-10 09:30 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-17 16:18 . 2012-07-10 09:30 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-14 19:19 . 2012-10-11 11:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 11:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-03 07:25 . 2012-09-03 07:25 6656 ----a-w- c:\windows\SysWow64\Rus_ME.dll
2012-09-03 07:25 . 2012-09-03 07:25 7168 ----a-w- c:\windows\system32\Rus_ME.dll
2012-09-02 13:14 . 2012-09-02 13:14 7168 ----a-w- c:\windows\system32\Rus_MOD.dll
2012-09-02 13:14 . 2012-09-02 13:14 6656 ----a-w- c:\windows\SysWow64\Rus_MOD.dll
2012-08-31 18:19 . 2012-10-11 11:22 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-11 11:22 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 11:21 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 11:21 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-11 11:19 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-11 11:19 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 22:22 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 22:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 22:22 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 22:22 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 22:22 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 22:22 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 22:22 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 22:22 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 22:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 22:22 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 22:22 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 22:22 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 22:22 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 22:22 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 22:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 22:22 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 22:22 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 22:22 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 22:22 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 22:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 22:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 22:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 01:26 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 01:26 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 01:26 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 01:26 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 06:46 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-11 11:21 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-11 11:20 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-11 11:20 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-11 11:21 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-11 11:20 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-11 11:21 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-11 11:21 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-11 11:21 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-11 11:20 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 11:20 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-11 11:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-11 11:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-11 11:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-11 11:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-11 11:21 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-11 11:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 11:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 11:20 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 11:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 -c--a-w- c:\users\Icke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 -c--a-w- c:\users\Icke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 -c--a-w- c:\users\Icke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 -c--a-w- c:\users\Icke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-02-28 1631808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
SyncToy 2.1(x64).lnk - c:\windows\Installer\{88DAAF05-5A72-46D2-A7C5-C3759697E943}\_6FEFF9B68218417F98F549.exe [2012-9-11 9454]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks2010\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-03 1315592]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0;PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-02-28 89152]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-02-28 244800]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-25 1255736]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-04 313840]
R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-04 362992]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-04 309744]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
R4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-04 166384]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-23 71600]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 SBSDWSCService;SBSD Security Center Service;e:\programme\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 TVicPort64;TVicPort64; [x]
S2 UGS License Server (ugslmd);UGS-Lizenzserver (ugslmd);e:\programme\NX8\License Server\lmgrd.exe [2009-07-07 1510152]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-09-26 95760]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-03-30 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 21:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 10:17 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 -c--a-w- c:\users\Icke\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 -c--a-w- c:\users\Icke\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 -c--a-w- c:\users\Icke\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 -c--a-w- c:\users\Icke\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ecosia.org/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\
FF - prefs.js: browser.startup.homepage - hxxp://ecosia.org
FF - prefs.js: network.proxy.http - 192.168.54.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2012-09-17 11:16; en-US@dictionaries.addons.mozilla.org; c:\users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\en-US@dictionaries.addons.mozilla.org
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Setup Utility 12.0 - e:\programme\Navigator12\Setup Utility\clickertray.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{184E4FA0-DE8C26D4-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-13 21:09:20
ComboFix-quarantined-files.txt 2012-11-13 17:09
.
Vor Suchlauf: 14 Verzeichnis(se), 58.057.699.328 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 57.408.483.328 Bytes frei
.
- - End Of File - - 2301ECB6AE37096DE8F3069BEDD2FAE2
--- --- --- adwcleaner Code:
ATTFilter # AdwCleaner v2.007 - Datei am 13/11/2012 um 18:24:12 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Icke - ICKE-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Icke\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Icke\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Opera v12.10.1652.0
Datei : C:\Users\Icke\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2053 octets] - [13/11/2012 18:24:12]
########## EOF - C:\AdwCleaner[S1].txt - [2113 octets] ##########
Code:
ATTFilter 17:39:31.0982 48072 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:39:32.0128 48072 ============================================================
17:39:32.0128 48072 Current date / time: 2012/11/13 17:39:32.0128
17:39:32.0128 48072 SystemInfo:
17:39:32.0128 48072
17:39:32.0128 48072 OS Version: 6.1.7601 ServicePack: 1.0
17:39:32.0128 48072 Product type: Workstation
17:39:32.0128 48072 ComputerName: ICKE-THINK
17:39:32.0128 48072 UserName: Icke
17:39:32.0128 48072 Windows directory: C:\Windows
17:39:32.0128 48072 System windows directory: C:\Windows
17:39:32.0129 48072 Running under WOW64
17:39:32.0129 48072 Processor architecture: Intel x64
17:39:32.0129 48072 Number of processors: 2
17:39:32.0129 48072 Page size: 0x1000
17:39:32.0129 48072 Boot type: Normal boot
17:39:32.0129 48072 ============================================================
17:39:33.0071 48072 Drive \Device\Harddisk1\DR8 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
17:39:33.0085 48072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:33.0108 48072 Drive \Device\Harddisk1\DR8 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:39:33.0112 48072 ============================================================
17:39:33.0112 48072 \Device\Harddisk1\DR8:
17:39:33.0112 48072 MBR partitions:
17:39:33.0112 48072 \Device\Harddisk1\DR8\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
17:39:33.0112 48072 \Device\Harddisk0\DR0:
17:39:33.0128 48072 MBR partitions:
17:39:33.0128 48072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
17:39:33.0128 48072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0xD6D8000
17:39:33.0144 48072 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD931000, BlocksNum 0x16775000
17:39:33.0144 48072 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x13882B0
17:39:33.0144 48072 \Device\Harddisk1\DR8:
17:39:33.0144 48072 MBR partitions:
17:39:33.0144 48072 \Device\Harddisk1\DR8\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
17:39:33.0144 48072 ============================================================
17:39:33.0181 48072 C: <-> \Device\Harddisk0\DR0\Partition2
17:39:33.0257 48072 Q: <-> \Device\Harddisk0\DR0\Partition4
17:39:33.0293 48072 E: <-> \Device\Harddisk0\DR0\Partition3
17:39:33.0294 48072 ============================================================
17:39:33.0294 48072 Initialize success
17:39:33.0294 48072 ============================================================
17:39:35.0434 48116 ============================================================
17:39:35.0434 48116 Scan started
17:39:35.0434 48116 Mode: Manual;
17:39:35.0434 48116 ============================================================
17:39:37.0294 48116 ================ Scan system memory ========================
17:39:37.0294 48116 System memory - ok
17:39:37.0294 48116 ================ Scan services =============================
17:39:37.0559 48116 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:39:37.0561 48116 1394ohci - ok
17:39:37.0592 48116 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:39:37.0596 48116 ACPI - ok
17:39:37.0657 48116 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:39:37.0658 48116 AcpiPmi - ok
17:39:37.0791 48116 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:39:37.0792 48116 AdobeARMservice - ok
17:39:37.0983 48116 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:39:37.0985 48116 AdobeFlashPlayerUpdateSvc - ok
17:39:38.0039 48116 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:39:38.0044 48116 adp94xx - ok
17:39:38.0064 48116 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:39:38.0069 48116 adpahci - ok
17:39:38.0077 48116 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:39:38.0079 48116 adpu320 - ok
17:39:38.0138 48116 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:39:38.0140 48116 AeLookupSvc - ok
17:39:38.0191 48116 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:39:38.0196 48116 AFD - ok
17:39:38.0242 48116 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:39:38.0243 48116 agp440 - ok
17:39:38.0322 48116 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:39:38.0324 48116 ALG - ok
17:39:38.0363 48116 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:39:38.0364 48116 aliide - ok
17:39:38.0401 48116 [ F238BE4FA4E55EB67F17281FADF69851 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:39:38.0404 48116 AMD External Events Utility - ok
17:39:38.0474 48116 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:39:38.0474 48116 amdide - ok
17:39:38.0512 48116 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:39:38.0513 48116 AmdK8 - ok
17:39:39.0781 48116 [ 2DB9047AAC9D981F59CE06D04D70C4D8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:39:39.0926 48116 amdkmdag - ok
17:39:39.0983 48116 [ 2D9005EA0BFD25C740E53C8DD3C069E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:39:39.0987 48116 amdkmdap - ok
17:39:40.0012 48116 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:39:40.0013 48116 AmdPPM - ok
17:39:40.0057 48116 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:39:40.0058 48116 amdsata - ok
17:39:40.0082 48116 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:39:40.0084 48116 amdsbs - ok
17:39:40.0105 48116 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:39:40.0105 48116 amdxata - ok
17:39:40.0140 48116 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
17:39:40.0142 48116 AMPPAL - ok
17:39:40.0160 48116 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
17:39:40.0162 48116 AMPPALP - ok
17:39:40.0269 48116 [ 2CC0CBF2707BE4D5B6CE6B87D9DA2F97 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
17:39:40.0277 48116 AMPPALR3 - ok
17:39:40.0320 48116 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:39:40.0321 48116 AppID - ok
17:39:40.0347 48116 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:39:40.0348 48116 AppIDSvc - ok
17:39:40.0395 48116 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:39:40.0396 48116 Appinfo - ok
17:39:40.0421 48116 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:39:40.0423 48116 AppMgmt - ok
17:39:40.0449 48116 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:39:40.0450 48116 arc - ok
17:39:40.0460 48116 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:39:40.0461 48116 arcsas - ok
17:39:40.0490 48116 [ F9278A56E92DF6B16476431B582236B4 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:39:40.0491 48116 aswFsBlk - ok
17:39:40.0522 48116 [ FA86861F5B30A2909F8A555ACCF10F33 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:39:40.0523 48116 aswMonFlt - ok
17:39:40.0560 48116 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
17:39:40.0560 48116 aswRdr - ok
17:39:40.0601 48116 [ 0CB9A8CFB177E4FBA9F3A3D7EB038AC7 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:39:40.0611 48116 aswSnx - ok
17:39:40.0650 48116 [ 27215E171E212EA5770406EC216F7409 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:39:40.0654 48116 aswSP - ok
17:39:40.0674 48116 [ 88AF99223812186A8046001EA22DAB86 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:39:40.0675 48116 aswTdi - ok
17:39:40.0713 48116 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:39:40.0713 48116 AsyncMac - ok
17:39:40.0753 48116 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:39:40.0754 48116 atapi - ok
17:39:40.0806 48116 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
17:39:40.0807 48116 AtiHDAudioService - ok
17:39:40.0981 48116 [ 2DB9047AAC9D981F59CE06D04D70C4D8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:39:41.0017 48116 atikmdag - ok
17:39:41.0092 48116 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:39:41.0099 48116 AudioEndpointBuilder - ok
17:39:41.0111 48116 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:39:41.0116 48116 AudioSrv - ok
17:39:41.0171 48116 [ FB05FF189FC5F57DE636315B1F5E56DB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:39:41.0172 48116 avast! Antivirus - ok
17:39:41.0223 48116 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:39:41.0224 48116 AxInstSV - ok
17:39:41.0257 48116 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:39:41.0261 48116 b06bdrv - ok
17:39:41.0289 48116 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:39:41.0292 48116 b57nd60a - ok
17:39:41.0407 48116 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
17:39:41.0410 48116 BBSvc - ok
17:39:41.0493 48116 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
17:39:41.0497 48116 BBUpdate - ok
17:39:41.0545 48116 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
17:39:41.0546 48116 BcmSqlStartupSvc - ok
17:39:41.0572 48116 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:39:41.0573 48116 BDESVC - ok
17:39:41.0604 48116 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:39:41.0605 48116 Beep - ok
17:39:41.0682 48116 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:39:41.0690 48116 BFE - ok
17:39:41.0731 48116 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:39:41.0742 48116 BITS - ok
17:39:41.0768 48116 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:39:41.0769 48116 blbdrive - ok
17:39:41.0799 48116 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:39:41.0800 48116 bowser - ok
17:39:41.0821 48116 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:39:41.0822 48116 BrFiltLo - ok
17:39:41.0854 48116 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:39:41.0855 48116 BrFiltUp - ok
17:39:41.0885 48116 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:39:41.0887 48116 Browser - ok
17:39:41.0896 48116 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:39:41.0899 48116 Brserid - ok
17:39:41.0908 48116 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:39:41.0909 48116 BrSerWdm - ok
17:39:41.0916 48116 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:39:41.0917 48116 BrUsbMdm - ok
17:39:41.0923 48116 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:39:41.0923 48116 BrUsbSer - ok
17:39:41.0967 48116 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:39:41.0968 48116 BthEnum - ok
17:39:41.0986 48116 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:39:41.0986 48116 BTHMODEM - ok
17:39:42.0024 48116 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:39:42.0025 48116 BthPan - ok
17:39:42.0065 48116 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:39:42.0071 48116 BTHPORT - ok
17:39:42.0109 48116 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:39:42.0111 48116 bthserv - ok
17:39:42.0160 48116 [ D6CEEC2F878149E4DB9FE93FA5D8FE60 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
17:39:42.0162 48116 BTHSSecurityMgr - ok
17:39:42.0195 48116 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:39:42.0196 48116 BTHUSB - ok
17:39:42.0246 48116 [ 2641A3FE3D7B0646308F33B67F3B5300 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
17:39:42.0247 48116 btusbflt - ok
17:39:42.0276 48116 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:39:42.0277 48116 btwaudio - ok
17:39:42.0305 48116 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
17:39:42.0307 48116 btwavdt - ok
17:39:42.0318 48116 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:39:42.0319 48116 btwl2cap - ok
17:39:42.0340 48116 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:39:42.0341 48116 btwrchid - ok
17:39:42.0375 48116 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:39:42.0376 48116 cdfs - ok
17:39:42.0420 48116 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:39:42.0421 48116 cdrom - ok
17:39:42.0485 48116 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:39:42.0487 48116 CertPropSvc - ok
17:39:42.0523 48116 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:39:42.0524 48116 circlass - ok
17:39:42.0554 48116 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:39:42.0558 48116 CLFS - ok
17:39:42.0628 48116 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:39:42.0631 48116 clr_optimization_v2.0.50727_32 - ok
17:39:42.0671 48116 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:39:42.0673 48116 clr_optimization_v2.0.50727_64 - ok
17:39:42.0729 48116 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:39:42.0731 48116 clr_optimization_v4.0.30319_32 - ok
17:39:42.0751 48116 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:39:42.0754 48116 clr_optimization_v4.0.30319_64 - ok
17:39:42.0779 48116 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:39:42.0780 48116 CmBatt - ok
17:39:42.0798 48116 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:39:42.0799 48116 cmdide - ok
17:39:42.0840 48116 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:39:42.0845 48116 CNG - ok
17:39:42.0890 48116 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:39:42.0891 48116 Compbatt - ok
17:39:42.0923 48116 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:39:42.0924 48116 CompositeBus - ok
17:39:42.0946 48116 COMSysApp - ok
17:39:43.0030 48116 [ AB82A8885AB9687D82AA51A4B4F62E2D ] CoordinatorServiceHost C:\Program Files\SolidWorks2010\SolidWorks\swScheduler\DTSCoordinatorService.exe
17:39:43.0031 48116 CoordinatorServiceHost - ok
17:39:43.0057 48116 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:39:43.0058 48116 crcdisk - ok
17:39:43.0107 48116 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:39:43.0110 48116 CryptSvc - ok
17:39:43.0158 48116 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:39:43.0163 48116 CSC - ok
17:39:43.0189 48116 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:39:43.0197 48116 CscService - ok
17:39:43.0246 48116 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:39:43.0255 48116 DcomLaunch - ok
17:39:43.0291 48116 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:39:43.0296 48116 defragsvc - ok
17:39:43.0335 48116 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:39:43.0336 48116 DfsC - ok
17:39:43.0365 48116 dgderdrv - ok
17:39:43.0419 48116 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
17:39:43.0420 48116 dg_ssudbus - ok
17:39:43.0494 48116 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:39:43.0498 48116 Dhcp - ok
17:39:43.0529 48116 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:39:43.0530 48116 discache - ok
17:39:43.0566 48116 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:39:43.0567 48116 Disk - ok
17:39:43.0595 48116 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:39:43.0599 48116 Dnscache - ok
17:39:43.0638 48116 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:39:43.0642 48116 dot3svc - ok
17:39:43.0679 48116 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:39:43.0683 48116 DPS - ok
17:39:43.0723 48116 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:39:43.0723 48116 drmkaud - ok
17:39:43.0774 48116 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:39:43.0784 48116 DXGKrnl - ok
17:39:43.0819 48116 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:39:43.0822 48116 EapHost - ok
17:39:43.0899 48116 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:39:43.0968 48116 ebdrv - ok
17:39:43.0991 48116 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:39:43.0995 48116 EFS - ok
17:39:44.0040 48116 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:39:44.0048 48116 ehRecvr - ok
17:39:44.0059 48116 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:39:44.0061 48116 ehSched - ok
17:39:44.0101 48116 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:39:44.0106 48116 elxstor - ok
17:39:44.0134 48116 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:39:44.0135 48116 ErrDev - ok
17:39:44.0180 48116 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:39:44.0186 48116 EventSystem - ok
17:39:44.0269 48116 [ 532B8FF8E07F3772B086620377654F95 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:39:44.0285 48116 EvtEng - ok
17:39:44.0310 48116 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:39:44.0313 48116 exfat - ok
17:39:44.0331 48116 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:39:44.0334 48116 fastfat - ok
17:39:44.0404 48116 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:39:44.0412 48116 Fax - ok
17:39:44.0431 48116 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:39:44.0432 48116 fdc - ok
17:39:44.0461 48116 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:39:44.0464 48116 fdPHost - ok
17:39:44.0478 48116 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:39:44.0481 48116 FDResPub - ok
17:39:44.0509 48116 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:39:44.0510 48116 FileInfo - ok
17:39:44.0522 48116 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:39:44.0523 48116 Filetrace - ok
17:39:44.0596 48116 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:39:44.0606 48116 FLEXnet Licensing Service - ok
17:39:44.0687 48116 [ F1A9C61436E12A637A647870DD6D9EEF ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:39:44.0700 48116 FLEXnet Licensing Service 64 - ok
17:39:44.0720 48116 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:39:44.0721 48116 flpydisk - ok
17:39:44.0769 48116 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:39:44.0772 48116 FltMgr - ok
17:39:44.0829 48116 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:39:44.0843 48116 FontCache - ok
17:39:44.0911 48116 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:39:44.0912 48116 FontCache3.0.0.0 - ok
17:39:44.0948 48116 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:39:44.0949 48116 FsDepends - ok
17:39:44.0977 48116 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:39:44.0979 48116 Fs_Rec - ok
17:39:45.0028 48116 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:39:45.0031 48116 fvevol - ok
17:39:45.0054 48116 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:39:45.0056 48116 gagp30kx - ok
17:39:45.0098 48116 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:39:45.0107 48116 gpsvc - ok
17:39:45.0116 48116 gupdate - ok
17:39:45.0123 48116 gupdatem - ok
17:39:45.0143 48116 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:39:45.0144 48116 hcw85cir - ok
17:39:45.0201 48116 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:39:45.0205 48116 HdAudAddService - ok
17:39:45.0235 48116 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:39:45.0240 48116 HDAudBus - ok
17:39:45.0255 48116 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:39:45.0256 48116 HidBatt - ok
17:39:45.0306 48116 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:39:45.0308 48116 HidBth - ok
17:39:45.0333 48116 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:39:45.0334 48116 HidIr - ok
17:39:45.0368 48116 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:39:45.0371 48116 hidserv - ok
17:39:45.0412 48116 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:39:45.0413 48116 HidUsb - ok
17:39:45.0457 48116 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:39:45.0460 48116 hkmsvc - ok
17:39:45.0507 48116 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:39:45.0512 48116 HomeGroupListener - ok
17:39:45.0556 48116 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:39:45.0562 48116 HomeGroupProvider - ok
17:39:45.0607 48116 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:39:45.0608 48116 HpSAMD - ok
17:39:45.0659 48116 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:39:45.0666 48116 HTTP - ok
17:39:45.0707 48116 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:39:45.0707 48116 hwpolicy - ok
17:39:45.0729 48116 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:39:45.0730 48116 i8042prt - ok
17:39:45.0769 48116 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:39:45.0774 48116 IAANTMON - ok
17:39:45.0810 48116 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:39:45.0813 48116 iaStor - ok
17:39:45.0849 48116 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:39:45.0853 48116 iaStorV - ok
17:39:45.0903 48116 [ 2151176DB657AEFF9B873D23380C3F5B ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
17:39:45.0903 48116 IBMPMDRV - ok
17:39:45.0968 48116 [ C76A67AED080538D420550C903696788 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
17:39:45.0970 48116 IBMPMSVC - ok
17:39:46.0042 48116 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:39:46.0052 48116 idsvc - ok
17:39:46.0204 48116 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:39:46.0321 48116 igfx - ok
17:39:46.0352 48116 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:39:46.0353 48116 iirsp - ok
17:39:46.0417 48116 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:39:46.0427 48116 IKEEXT - ok
17:39:46.0545 48116 [ 28CEEFBD2C63F91DC17DED3E8D27ECF5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:39:46.0569 48116 IntcAzAudAddService - ok
17:39:46.0601 48116 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:39:46.0601 48116 intelide - ok
17:39:46.0624 48116 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:39:46.0625 48116 intelppm - ok
17:39:46.0652 48116 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:39:46.0655 48116 IPBusEnum - ok
17:39:46.0697 48116 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:39:46.0698 48116 IpFilterDriver - ok
17:39:46.0738 48116 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:39:46.0746 48116 iphlpsvc - ok
17:39:46.0775 48116 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:39:46.0776 48116 IPMIDRV - ok
17:39:46.0817 48116 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:39:46.0818 48116 IPNAT - ok
17:39:46.0844 48116 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:39:46.0845 48116 IRENUM - ok
17:39:46.0863 48116 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:39:46.0864 48116 isapnp - ok
17:39:46.0898 48116 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:39:46.0901 48116 iScsiPrt - ok
17:39:46.0956 48116 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
17:39:46.0958 48116 IviRegMgr - ok
17:39:46.0992 48116 [ E56417C56B6A7316B6F527C890A1860D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
17:39:46.0994 48116 JMCR - ok
17:39:47.0020 48116 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:39:47.0021 48116 kbdclass - ok
17:39:47.0060 48116 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:39:47.0061 48116 kbdhid - ok
17:39:47.0080 48116 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:39:47.0083 48116 KeyIso - ok
17:39:47.0110 48116 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:39:47.0112 48116 KSecDD - ok
17:39:47.0138 48116 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:39:47.0140 48116 KSecPkg - ok
17:39:47.0177 48116 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:39:47.0178 48116 ksthunk - ok
17:39:47.0209 48116 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:39:47.0215 48116 KtmRm - ok
17:39:47.0276 48116 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:39:47.0283 48116 LanmanServer - ok
17:39:47.0311 48116 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:39:47.0317 48116 LanmanWorkstation - ok
17:39:47.0374 48116 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
17:39:47.0375 48116 LENOVO.MICMUTE - ok
17:39:47.0423 48116 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
17:39:47.0425 48116 lenovo.smi - ok
17:39:47.0461 48116 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
17:39:47.0463 48116 Lenovo.VIRTSCRLSVC - ok
17:39:47.0509 48116 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:39:47.0510 48116 lltdio - ok
17:39:47.0579 48116 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:39:47.0584 48116 lltdsvc - ok
17:39:47.0622 48116 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:39:47.0625 48116 lmhosts - ok
17:39:47.0689 48116 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:39:47.0690 48116 LSI_FC - ok
17:39:47.0701 48116 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:39:47.0702 48116 LSI_SAS - ok
17:39:47.0709 48116 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:39:47.0711 48116 LSI_SAS2 - ok
17:39:47.0718 48116 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:39:47.0720 48116 LSI_SCSI - ok
17:39:47.0767 48116 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:39:47.0768 48116 luafv - ok
17:39:47.0841 48116 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:39:47.0845 48116 Mcx2Svc - ok
17:39:47.0850 48116 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:39:47.0852 48116 megasas - ok
17:39:47.0907 48116 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:39:47.0910 48116 MegaSR - ok
17:39:47.0933 48116 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:39:47.0936 48116 MMCSS - ok
17:39:47.0957 48116 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:39:47.0958 48116 Modem - ok
17:39:47.0993 48116 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:39:47.0994 48116 monitor - ok
17:39:48.0025 48116 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:39:48.0026 48116 mouclass - ok
17:39:48.0059 48116 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:39:48.0060 48116 mouhid - ok
17:39:48.0100 48116 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:39:48.0101 48116 mountmgr - ok
17:39:48.0174 48116 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:39:48.0176 48116 MozillaMaintenance - ok
17:39:48.0194 48116 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:39:48.0195 48116 mpio - ok
17:39:48.0217 48116 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:39:48.0218 48116 mpsdrv - ok
17:39:48.0275 48116 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:39:48.0286 48116 MpsSvc - ok
17:39:48.0332 48116 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:39:48.0333 48116 MRxDAV - ok
17:39:48.0370 48116 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:39:48.0372 48116 mrxsmb - ok
17:39:48.0393 48116 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:39:48.0396 48116 mrxsmb10 - ok
17:39:48.0417 48116 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:39:48.0419 48116 mrxsmb20 - ok
17:39:48.0443 48116 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:39:48.0444 48116 msahci - ok
17:39:48.0476 48116 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:39:48.0478 48116 msdsm - ok
17:39:48.0496 48116 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:39:48.0500 48116 MSDTC - ok
17:39:48.0551 48116 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:39:48.0552 48116 Msfs - ok
17:39:48.0570 48116 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:39:48.0570 48116 mshidkmdf - ok
17:39:48.0588 48116 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:39:48.0589 48116 msisadrv - ok
17:39:48.0627 48116 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:39:48.0630 48116 MSiSCSI - ok
17:39:48.0639 48116 msiserver - ok
17:39:48.0665 48116 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:39:48.0666 48116 MSKSSRV - ok
17:39:48.0696 48116 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:39:48.0697 48116 MSPCLOCK - ok
17:39:48.0712 48116 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:39:48.0713 48116 MSPQM - ok
17:39:48.0760 48116 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:39:48.0764 48116 MsRPC - ok
17:39:48.0794 48116 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:39:48.0795 48116 mssmbios - ok
17:39:48.0851 48116 MSSQL$MSSMLBIZ - ok
17:39:48.0881 48116 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:39:48.0883 48116 MSSQLServerADHelper - ok
17:39:48.0919 48116 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:39:48.0920 48116 MSTEE - ok
17:39:48.0930 48116 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:39:48.0931 48116 MTConfig - ok
17:39:48.0952 48116 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:39:48.0953 48116 Mup - ok
17:39:49.0001 48116 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:39:49.0009 48116 napagent - ok
17:39:49.0059 48116 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:39:49.0063 48116 NativeWifiP - ok
17:39:49.0126 48116 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:39:49.0136 48116 NDIS - ok
17:39:49.0170 48116 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:39:49.0171 48116 NdisCap - ok
17:39:49.0186 48116 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:39:49.0188 48116 NdisTapi - ok
17:39:49.0218 48116 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:39:49.0219 48116 Ndisuio - ok
17:39:49.0271 48116 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:39:49.0273 48116 NdisWan - ok
17:39:49.0317 48116 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:39:49.0318 48116 NDProxy - ok
17:39:49.0356 48116 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:39:49.0357 48116 NetBIOS - ok
17:39:49.0405 48116 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:39:49.0408 48116 NetBT - ok
17:39:49.0447 48116 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:39:49.0449 48116 Netlogon - ok
17:39:49.0524 48116 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:39:49.0530 48116 Netman - ok
17:39:49.0570 48116 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:39:49.0577 48116 netprofm - ok
17:39:49.0610 48116 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:39:49.0612 48116 NetTcpPortSharing - ok
17:39:49.0785 48116 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
17:39:49.0921 48116 NETw5s64 - ok
17:39:50.0063 48116 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
17:39:50.0171 48116 netw5v64 - ok
17:39:50.0366 48116 [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
17:39:50.0536 48116 NETwNs64 - ok
17:39:50.0574 48116 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:39:50.0575 48116 nfrd960 - ok
17:39:50.0625 48116 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:39:50.0631 48116 NlaSvc - ok
17:39:50.0644 48116 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:39:50.0646 48116 Npfs - ok
17:39:50.0674 48116 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:39:50.0677 48116 nsi - ok
17:39:50.0686 48116 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:39:50.0687 48116 nsiproxy - ok
17:39:50.0765 48116 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:39:50.0782 48116 Ntfs - ok
17:39:50.0811 48116 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:39:50.0812 48116 Null - ok
17:39:50.0842 48116 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:39:50.0844 48116 nvraid - ok
17:39:50.0871 48116 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:39:50.0873 48116 nvstor - ok
17:39:50.0910 48116 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:39:50.0911 48116 nv_agp - ok
17:39:50.0977 48116 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:39:50.0983 48116 odserv - ok
17:39:51.0004 48116 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:39:51.0006 48116 ohci1394 - ok
17:39:51.0054 48116 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:39:51.0057 48116 ose - ok
17:39:51.0101 48116 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:39:51.0108 48116 p2pimsvc - ok
17:39:51.0157 48116 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:39:51.0164 48116 p2psvc - ok
17:39:51.0209 48116 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:39:51.0210 48116 Parport - ok
17:39:51.0238 48116 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:39:51.0239 48116 partmgr - ok
17:39:51.0260 48116 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:39:51.0266 48116 PcaSvc - ok
17:39:51.0315 48116 PCDSRVC{127174DC-C366ED8B-06000000}_0 - ok
17:39:51.0344 48116 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - ok
17:39:51.0378 48116 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:39:51.0380 48116 pci - ok
17:39:51.0406 48116 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:39:51.0407 48116 pciide - ok
17:39:51.0450 48116 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:39:51.0453 48116 pcmcia - ok
17:39:51.0471 48116 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:39:51.0472 48116 pcw - ok
17:39:51.0502 48116 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:39:51.0509 48116 PEAUTH - ok
17:39:51.0564 48116 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:39:51.0580 48116 PeerDistSvc - ok
17:39:51.0651 48116 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:39:51.0654 48116 PerfHost - ok
17:39:51.0733 48116 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:39:51.0750 48116 pla - ok
17:39:51.0810 48116 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:39:51.0818 48116 PlugPlay - ok
17:39:51.0836 48116 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:39:51.0839 48116 PNRPAutoReg - ok
17:39:51.0857 48116 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:39:51.0863 48116 PNRPsvc - ok
17:39:51.0905 48116 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:39:51.0912 48116 PolicyAgent - ok
17:39:51.0944 48116 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
17:39:51.0951 48116 Power - ok
17:39:52.0020 48116 [ 4CADD52E1669693937360C7ED680365B ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
17:39:52.0022 48116 Power Manager DBC Service - ok
17:39:52.0065 48116 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:39:52.0066 48116 PptpMiniport - ok
17:39:52.0094 48116 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:39:52.0096 48116 Processor - ok
17:39:52.0146 48116 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:39:52.0152 48116 ProfSvc - ok
17:39:52.0169 48116 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:39:52.0172 48116 ProtectedStorage - ok
17:39:52.0209 48116 [ 05A4779E4994B21473EDBE85AABE8030 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
17:39:52.0211 48116 psadd - ok
17:39:52.0258 48116 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:39:52.0260 48116 Psched - ok
17:39:52.0320 48116 [ DEFD557D9B8C0FA3CEA6CC576400114E ] pwdrvio C:\Windows\system32\pwdrvio.sys
17:39:52.0324 48116 pwdrvio - ok
17:39:52.0351 48116 [ A2EE3B70A9E05F651B888078726C2787 ] pwdspio C:\Windows\system32\pwdspio.sys
17:39:52.0355 48116 pwdspio - ok
17:39:52.0386 48116 [ 71399B176DE1CAEFD5AD4287ABB9E8A3 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
17:39:52.0389 48116 PwmEWSvc - ok
17:39:52.0423 48116 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:39:52.0424 48116 PxHlpa64 - ok
17:39:52.0477 48116 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:39:52.0492 48116 ql2300 - ok
17:39:52.0523 48116 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:39:52.0526 48116 ql40xx - ok
17:39:52.0557 48116 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:39:52.0563 48116 QWAVE - ok
17:39:52.0577 48116 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:39:52.0578 48116 QWAVEdrv - ok
17:39:52.0593 48116 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:39:52.0594 48116 RasAcd - ok
17:39:52.0626 48116 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:39:52.0627 48116 RasAgileVpn - ok
17:39:52.0651 48116 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:39:52.0655 48116 RasAuto - ok
17:39:52.0696 48116 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:39:52.0698 48116 Rasl2tp - ok
17:39:52.0745 48116 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:39:52.0753 48116 RasMan - ok
17:39:52.0781 48116 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:39:52.0783 48116 RasPppoe - ok
17:39:52.0817 48116 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:39:52.0818 48116 RasSstp - ok
17:39:52.0867 48116 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:39:52.0871 48116 rdbss - ok
17:39:52.0885 48116 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:39:52.0886 48116 rdpbus - ok
17:39:52.0905 48116 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:39:52.0906 48116 RDPCDD - ok
17:39:52.0950 48116 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:39:52.0952 48116 RDPDR - ok
17:39:52.0986 48116 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:39:52.0987 48116 RDPENCDD - ok
17:39:53.0014 48116 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:39:53.0015 48116 RDPREFMP - ok
17:39:53.0046 48116 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:39:53.0049 48116 RDPWD - ok
17:39:53.0109 48116 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:39:53.0112 48116 rdyboost - ok
17:39:53.0216 48116 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:39:53.0225 48116 RegSrvc - ok
17:39:53.0277 48116 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:39:53.0281 48116 RemoteAccess - ok
17:39:53.0308 48116 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:39:53.0313 48116 RemoteRegistry - ok
17:39:53.0371 48116 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:39:53.0373 48116 RFCOMM - ok
17:39:53.0446 48116 [ 14A99FD851272C73B758546EF8F0E641 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
17:39:53.0450 48116 Roxio UPnP Renderer 10 - ok
17:39:53.0486 48116 [ BA917F2F2BD5033E70823797C73CDFCB ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
17:39:53.0491 48116 Roxio Upnp Server 10 - ok
17:39:53.0563 48116 [ 8986D20CF294D794A79FB18FF697B68B ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
17:39:53.0568 48116 RoxLiveShare10 - ok
17:39:53.0613 48116 [ D8C44229EB2495E774350529ED9BE08D ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
17:39:53.0625 48116 RoxMediaDB10 - ok
17:39:53.0652 48116 [ 53716357F4B3C99112CF0A21932C5688 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
17:39:53.0654 48116 RoxWatch10 - ok
17:39:53.0689 48116 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:39:53.0694 48116 RpcEptMapper - ok
17:39:53.0726 48116 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:39:53.0728 48116 RpcLocator - ok
17:39:53.0768 48116 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:39:53.0775 48116 RpcSs - ok
17:39:53.0827 48116 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:39:53.0829 48116 rspndr - ok
17:39:53.0872 48116 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
17:39:53.0875 48116 RTHDMIAzAudService - ok
17:39:53.0928 48116 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:39:53.0934 48116 RTL8167 - ok
17:39:53.0964 48116 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:39:53.0965 48116 s3cap - ok
17:39:53.0980 48116 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:39:53.0983 48116 SamSs - ok
17:39:54.0011 48116 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:39:54.0013 48116 sbp2port - ok
17:39:54.0189 48116 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService E:\Programme\Spybot - Search & Destroy\SDWinSec.exe
17:39:54.0207 48116 SBSDWSCService - ok
17:39:54.0261 48116 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:39:54.0267 48116 SCardSvr - ok
17:39:54.0309 48116 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:39:54.0311 48116 scfilter - ok
17:39:54.0370 48116 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:39:54.0386 48116 Schedule - ok
17:39:54.0431 48116 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:39:54.0432 48116 SCPolicySvc - ok
17:39:54.0473 48116 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
17:39:54.0474 48116 sdbus - ok
17:39:54.0499 48116 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:39:54.0504 48116 SDRSVC - ok
17:39:54.0541 48116 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:39:54.0542 48116 secdrv - ok
17:39:54.0581 48116 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:39:54.0585 48116 seclogon - ok
17:39:54.0612 48116 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:39:54.0617 48116 SENS - ok
17:39:54.0642 48116 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:39:54.0646 48116 SensrSvc - ok
17:39:54.0662 48116 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:39:54.0664 48116 Serenum - ok
17:39:54.0674 48116 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:39:54.0676 48116 Serial - ok
17:39:54.0710 48116 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:39:54.0711 48116 sermouse - ok
17:39:54.0762 48116 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:39:54.0766 48116 SessionEnv - ok
17:39:54.0794 48116 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:39:54.0795 48116 sffdisk - ok
17:39:54.0821 48116 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:39:54.0822 48116 sffp_mmc - ok
17:39:54.0835 48116 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:39:54.0837 48116 sffp_sd - ok
17:39:54.0864 48116 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:39:54.0864 48116 sfloppy - ok
17:39:54.0902 48116 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:39:54.0907 48116 SharedAccess - ok
17:39:54.0952 48116 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:39:54.0960 48116 ShellHWDetection - ok
17:39:54.0986 48116 [ C3F190562FE82EFDA7CCEF305EBAD3E3 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
17:39:54.0987 48116 Shockprf - ok
17:39:55.0005 48116 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:39:55.0006 48116 SiSRaid2 - ok
17:39:55.0032 48116 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:39:55.0033 48116 SiSRaid4 - ok
17:39:55.0098 48116 [ B7FBC508933553828E0948B537FD7984 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:39:55.0100 48116 SkypeUpdate - ok
17:39:55.0113 48116 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:39:55.0115 48116 Smb - ok
17:39:55.0158 48116 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:39:55.0163 48116 SNMPTRAP - ok
17:39:55.0201 48116 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
17:39:55.0203 48116 SolidWorks Licensing Service - ok
17:39:55.0360 48116 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
17:39:55.0364 48116 speedfan - ok
17:39:55.0395 48116 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:39:55.0396 48116 spldr - ok
17:39:55.0446 48116 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:39:55.0456 48116 Spooler - ok
17:39:55.0569 48116 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:39:55.0650 48116 sppsvc - ok
17:39:55.0682 48116 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:39:55.0687 48116 sppuinotify - ok
17:39:55.0710 48116 sptd - ok
17:39:55.0768 48116 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:39:55.0771 48116 SQLBrowser - ok
17:39:55.0817 48116 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:39:55.0820 48116 SQLWriter - ok
17:39:55.0850 48116 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:39:55.0856 48116 srv - ok
17:39:55.0886 48116 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:39:55.0890 48116 srv2 - ok
17:39:55.0931 48116 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:39:55.0935 48116 SrvHsfHDA - ok
17:39:55.0974 48116 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:39:55.0990 48116 SrvHsfV92 - ok
17:39:56.0020 48116 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:39:56.0028 48116 SrvHsfWinac - ok
17:39:56.0057 48116 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:39:56.0059 48116 srvnet - ok
17:39:56.0094 48116 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:39:56.0100 48116 SSDPSRV - ok
17:39:56.0118 48116 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:39:56.0123 48116 SstpSvc - ok
17:39:56.0200 48116 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
17:39:56.0202 48116 ssudmdm - ok
17:39:56.0242 48116 [ F161567B90721F4C42BD5F95A4C9B2D0 ] ssudobex C:\Windows\system32\DRIVERS\ssudobex.sys
17:39:56.0244 48116 ssudobex - ok
17:39:56.0280 48116 Steam Client Service - ok
17:39:56.0306 48116 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:39:56.0307 48116 stexstor - ok
17:39:56.0360 48116 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:39:56.0371 48116 stisvc - ok
17:39:56.0409 48116 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
17:39:56.0411 48116 stllssvr - ok
17:39:56.0435 48116 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:39:56.0437 48116 storflt - ok
17:39:56.0458 48116 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
17:39:56.0462 48116 StorSvc - ok
17:39:56.0498 48116 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:39:56.0499 48116 storvsc - ok
17:39:56.0535 48116 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:39:56.0536 48116 swenum - ok
17:39:56.0568 48116 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:39:56.0577 48116 swprv - ok
17:39:56.0629 48116 [ C0B7405C899C485AA0B6F9866A4061CD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:39:56.0633 48116 SynTP - ok
17:39:56.0708 48116 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:39:56.0729 48116 SysMain - ok
17:39:56.0769 48116 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:39:56.0774 48116 TabletInputService - ok
17:39:56.0803 48116 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:39:56.0811 48116 TapiSrv - ok
17:39:56.0843 48116 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:39:56.0849 48116 TBS - ok
17:39:56.0912 48116 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:39:56.0932 48116 Tcpip - ok
17:39:57.0001 48116 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:39:57.0012 48116 TCPIP6 - ok
17:39:57.0051 48116 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:39:57.0052 48116 tcpipreg - ok
17:39:57.0073 48116 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:39:57.0074 48116 TDPIPE - ok
17:39:57.0103 48116 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:39:57.0105 48116 TDTCP - ok
17:39:57.0167 48116 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:39:57.0168 48116 tdx - ok
17:39:57.0196 48116 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:39:57.0197 48116 TermDD - ok
17:39:57.0224 48116 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:39:57.0235 48116 TermService - ok
17:39:57.0278 48116 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:39:57.0284 48116 Themes - ok
17:39:57.0321 48116 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:39:57.0324 48116 THREADORDER - ok
17:39:57.0355 48116 [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
17:39:57.0356 48116 TPDIGIMN - ok
17:39:57.0402 48116 [ 88F81D810FF16AC65B02643DAF308D4F ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
17:39:57.0407 48116 TPHDEXLGSVC - ok
17:39:57.0458 48116 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
17:39:57.0460 48116 TPHKLOAD - ok
17:39:57.0518 48116 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
17:39:57.0520 48116 TPHKSVC - ok
17:39:57.0540 48116 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
17:39:57.0541 48116 TPM - ok
17:39:57.0573 48116 [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
17:39:57.0574 48116 TPPWRIF - ok
17:39:57.0600 48116 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:39:57.0606 48116 TrkWks - ok
17:39:57.0662 48116 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:39:57.0665 48116 TrustedInstaller - ok
17:39:57.0715 48116 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:39:57.0717 48116 tssecsrv - ok
17:39:57.0781 48116 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:39:57.0782 48116 TsUsbFlt - ok
17:39:57.0844 48116 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:39:57.0845 48116 tunnel - ok
17:39:57.0882 48116 TVICPORT - ok
17:39:57.0942 48116 [ A65643ED30A30E46317C0B25818BC9B7 ] TVicPort64 C:\Windows\system32\drivers\TVicPort64.sys
17:39:57.0943 48116 TVicPort64 - ok
17:39:57.0963 48116 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:39:57.0964 48116 uagp35 - ok
17:39:58.0000 48116 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:39:58.0003 48116 udfs - ok
17:39:58.0110 48116 [ A3A5DCF65B4AC8D98C7E2DD9B58B37A3 ] UGS License Server (ugslmd) E:\Programme\NX8\License Server\lmgrd.exe
17:39:58.0133 48116 UGS License Server (ugslmd) - ok
17:39:58.0173 48116 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:39:58.0178 48116 UI0Detect - ok
17:39:58.0221 48116 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:39:58.0222 48116 uliagpkx - ok
17:39:58.0255 48116 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:39:58.0256 48116 umbus - ok
17:39:58.0285 48116 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:39:58.0286 48116 UmPass - ok
17:39:58.0336 48116 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
17:39:58.0343 48116 UmRdpService - ok
17:39:58.0371 48116 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:39:58.0379 48116 upnphost - ok
17:39:58.0401 48116 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:39:58.0402 48116 usbccgp - ok
17:39:58.0427 48116 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:39:58.0429 48116 usbcir - ok
17:39:58.0450 48116 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:39:58.0452 48116 usbehci - ok
17:39:58.0493 48116 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:39:58.0496 48116 usbhub - ok
17:39:58.0518 48116 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:39:58.0520 48116 usbohci - ok
17:39:58.0578 48116 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:39:58.0579 48116 usbprint - ok
17:39:58.0585 48116 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:39:58.0588 48116 usbscan - ok
17:39:58.0603 48116 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:39:58.0605 48116 USBSTOR - ok
17:39:58.0623 48116 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:39:58.0625 48116 usbuhci - ok
17:39:58.0666 48116 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:39:58.0668 48116 usbvideo - ok
17:39:58.0725 48116 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
17:39:58.0726 48116 usb_rndisx - ok
17:39:58.0753 48116 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:39:58.0758 48116 UxSms - ok
17:39:58.0780 48116 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:39:58.0783 48116 VaultSvc - ok
17:39:58.0812 48116 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:39:58.0813 48116 vdrvroot - ok
17:39:58.0850 48116 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:39:58.0860 48116 vds - ok
17:39:58.0891 48116 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:39:58.0892 48116 vga - ok
17:39:58.0903 48116 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:39:58.0904 48116 VgaSave - ok
17:39:58.0931 48116 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:39:58.0933 48116 vhdmp - ok
17:39:58.0952 48116 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:39:58.0953 48116 viaide - ok
17:39:58.0975 48116 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:39:58.0977 48116 vmbus - ok
17:39:58.0995 48116 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:39:58.0996 48116 VMBusHID - ok
17:39:59.0014 48116 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:39:59.0017 48116 volmgr - ok
17:39:59.0062 48116 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:39:59.0067 48116 volmgrx - ok
17:39:59.0102 48116 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:39:59.0106 48116 volsnap - ok
17:39:59.0138 48116 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:39:59.0141 48116 vsmraid - ok
17:39:59.0200 48116 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:39:59.0220 48116 VSS - ok
17:39:59.0235 48116 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:39:59.0247 48116 vwifibus - ok
17:39:59.0292 48116 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:39:59.0293 48116 vwififlt - ok
17:39:59.0321 48116 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:39:59.0322 48116 vwifimp - ok
17:39:59.0380 48116 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:39:59.0388 48116 W32Time - ok
17:39:59.0423 48116 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:39:59.0424 48116 WacomPen - ok
17:39:59.0471 48116 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:39:59.0473 48116 WANARP - ok
17:39:59.0478 48116 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:39:59.0479 48116 Wanarpv6 - ok
17:39:59.0564 48116 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:39:59.0578 48116 WatAdminSvc - ok
17:39:59.0631 48116 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:39:59.0651 48116 wbengine - ok
17:39:59.0680 48116 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:39:59.0686 48116 WbioSrvc - ok
17:39:59.0736 48116 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:39:59.0745 48116 wcncsvc - ok
17:39:59.0762 48116 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:39:59.0768 48116 WcsPlugInService - ok
17:39:59.0801 48116 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:39:59.0802 48116 Wd - ok
17:39:59.0837 48116 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:39:59.0844 48116 Wdf01000 - ok
17:39:59.0872 48116 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:39:59.0877 48116 WdiServiceHost - ok
17:39:59.0882 48116 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:39:59.0888 48116 WdiSystemHost - ok
17:39:59.0925 48116 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:39:59.0932 48116 WebClient - ok
17:39:59.0955 48116 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:39:59.0962 48116 Wecsvc - ok
17:39:59.0981 48116 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:39:59.0986 48116 wercplsupport - ok
17:40:00.0016 48116 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:40:00.0022 48116 WerSvc - ok
17:40:00.0052 48116 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:40:00.0053 48116 WfpLwf - ok
17:40:00.0068 48116 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:40:00.0069 48116 WIMMount - ok
17:40:00.0081 48116 WinDefend - ok
17:40:00.0096 48116 WinHttpAutoProxySvc - ok
17:40:00.0149 48116 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:40:00.0164 48116 Winmgmt - ok
17:40:00.0245 48116 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:40:00.0270 48116 WinRM - ok
17:40:00.0326 48116 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
17:40:00.0327 48116 WinUSB - ok
17:40:00.0370 48116 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:40:00.0383 48116 Wlansvc - ok
17:40:00.0419 48116 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:40:00.0420 48116 WmiAcpi - ok
17:40:00.0457 48116 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:40:00.0460 48116 wmiApSrv - ok
17:40:00.0483 48116 WMPNetworkSvc - ok
17:40:00.0501 48116 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:40:00.0506 48116 WPCSvc - ok
17:40:00.0536 48116 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:40:00.0542 48116 WPDBusEnum - ok
17:40:00.0571 48116 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:40:00.0572 48116 ws2ifsl - ok
17:40:00.0597 48116 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:40:00.0603 48116 wscsvc - ok
17:40:00.0608 48116 WSearch - ok
17:40:00.0686 48116 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:40:00.0716 48116 wuauserv - ok
17:40:00.0748 48116 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:40:00.0750 48116 WudfPf - ok
17:40:00.0775 48116 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:40:00.0778 48116 WUDFRd - ok
17:40:00.0818 48116 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:40:00.0824 48116 wudfsvc - ok
17:40:00.0854 48116 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:40:00.0861 48116 WwanSvc - ok
17:40:00.0890 48116 ================ Scan global ===============================
17:40:00.0925 48116 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:40:00.0963 48116 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:40:00.0976 48116 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:40:00.0996 48116 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:40:01.0034 48116 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:40:01.0041 48116 [Global] - ok
17:40:01.0041 48116 ================ Scan MBR ==================================
17:40:01.0051 48116 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR8
17:40:01.0095 48116 \Device\Harddisk1\DR8 - ok
17:40:01.0109 48116 [ 64D7BED8676774A49DA5E8B37D00B888 ] \Device\Harddisk0\DR0
17:40:01.0284 48116 \Device\Harddisk0\DR0 - ok
17:40:01.0293 48116 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR8
17:40:01.0332 48116 \Device\Harddisk1\DR8 - ok
17:40:01.0332 48116 ================ Scan VBR ==================================
17:40:01.0338 48116 [ 436A53149E9993A88FDB55FC151EF87A ] \Device\Harddisk1\DR8\Partition1
17:40:01.0339 48116 \Device\Harddisk1\DR8\Partition1 - ok
17:40:01.0343 48116 [ F4D5B6E66051D5BA50FCDE8C22F784E6 ] \Device\Harddisk0\DR0\Partition1
17:40:01.0344 48116 \Device\Harddisk0\DR0\Partition1 - ok
17:40:01.0366 48116 [ D5EFFC721A0AD73046CC3BE27C7B9B94 ] \Device\Harddisk0\DR0\Partition2
17:40:01.0367 48116 \Device\Harddisk0\DR0\Partition2 - ok
17:40:01.0393 48116 [ FD902F94700B4CC7D46394AB31401465 ] \Device\Harddisk0\DR0\Partition3
17:40:01.0395 48116 \Device\Harddisk0\DR0\Partition3 - ok
17:40:01.0420 48116 [ B7DEAD3994CC9FFDA96D11E039084B53 ] \Device\Harddisk0\DR0\Partition4
17:40:01.0421 48116 \Device\Harddisk0\DR0\Partition4 - ok
17:40:01.0427 48116 [ 436A53149E9993A88FDB55FC151EF87A ] \Device\Harddisk1\DR8\Partition1
17:40:01.0429 48116 \Device\Harddisk1\DR8\Partition1 - ok
17:40:01.0429 48116 ============================================================
17:40:01.0429 48116 Scan finished
17:40:01.0429 48116 ============================================================
17:40:01.0445 48104 Detected object count: 0
17:40:01.0445 48104 Actual detected object count: 0
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-13 17:34:22
-----------------------------
17:34:22.011 OS Version: Windows x64 6.1.7601 Service Pack 1
17:34:22.011 Number of processors: 2 586 0x170A
17:34:22.012 ComputerName: ICKE-THINK UserName: Icke
17:34:22.597 Initialize success
17:34:22.738 AVAST engine defs: 12111300
17:34:45.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:34:45.838 Disk 0 Vendor: HITACHI_ PB3Z Size: 305245MB BusType: 3
17:34:45.846 Disk 1 \Device\Harddisk1\DR8 -> \Device\Scsi\JMCR1Port1Path0Target0Lun0
17:34:45.849 Disk 1 Vendor: JMCR____ Size: 7580MB BusType: 0
17:34:45.869 Disk 0 MBR read successfully
17:34:45.872 Disk 0 MBR scan
17:34:45.875 Disk 0 unknown MBR code
17:34:45.882 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
17:34:45.893 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110000 MB offset 2459648
17:34:45.896 Disk 0 Partition - 00 0F Extended LBA 184043 MB offset 227739648
17:34:45.924 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
17:34:45.953 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 184042 MB offset 227741696
17:34:45.979 Disk 0 scanning C:\Windows\system32\drivers
17:34:55.865 Service scanning
17:35:29.469 Modules scanning
17:35:29.476 Disk 0 trace - called modules:
17:35:29.504 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
17:35:29.509 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057c1790]
17:35:29.515 3 CLASSPNP.SYS[fffff88001aad43f] -> nt!IofCallDriver -> [0xfffffa8003cf76f0]
17:35:29.521 5 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046b7050]
17:35:29.823 AVAST engine scan C:\Windows
17:35:31.318 AVAST engine scan C:\Windows\system32
17:37:57.087 AVAST engine scan C:\Windows\system32\drivers
17:38:10.800 AVAST engine scan C:\Users\Icke
17:38:12.156 AVAST engine scan C:\ProgramData
17:39:07.785 Scan finished successfully
17:39:23.951 Disk 0 MBR has been saved successfully to "C:\Users\Icke\Desktop\MBR.dat"
17:39:23.956 The log file has been saved successfully to "C:\Users\Icke\Desktop\aswMBR_1.txt"
Vielen Dank für deine Mühe und deine geopferte Freizeit!!  |
|
13.11.2012, 20:01
| #6 |
| /// TB-Ausbilder | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Servus, was genau zeigt das Wartungscenter als "Win32/Adload.DA-Virus" an? Wo soll sich diese Datei befinden? Schritt 1
Code:
ATTFilter /md5start
svchost.exe
/md5stop
Schritt 2 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.  Bitte lade Junkware Removal Tool auf Deinen Desktop.
Bitte poste mit deiner nächsten Antwort
|
|
15.11.2012, 14:25
| #7 |
| | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Hallo, die Meldung des Wartungscenters wurde schon archiviert und ich sehe keinen Dateipfad. OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.11.2012 15:45:40 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Icke\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 63,41% Memory free
7,93 Gb Paging File | 6,51 Gb Available in Paging File | 82,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,42 Gb Total Space | 53,27 Gb Free Space | 49,59% Space Free | Partition Type: NTFS
Drive E: | 179,73 Gb Total Space | 59,00 Gb Free Space | 32,83% Space Free | Partition Type: NTFS
Drive H: | 7,38 Gb Total Space | 2,70 Gb Free Space | 36,54% Space Free | Partition Type: FAT32
Drive Q: | 9,77 Gb Total Space | 9,68 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Computer Name: ICKE-THINK | User Name: Icke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Custom Scans ==========
< MD5 for: SVCHOST.EXE >
[2009.07.14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 05:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 05:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 05:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 05:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< End of report >
JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.0.9 (11.13.2012)
OS: Windows 7 Professional x64
Ran by Icke on 15.11.2012 at 16:52:25,36
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.11.2012 at 17:00:11,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
15.11.2012, 14:37
| #8 |
| /// TB-Ausbilder | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Servus, sieht ok aus. Wir machen nochmal einen Scan mit OTL zur Kontrolle: Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. |
|
18.11.2012, 10:05
| #9 |
| /// TB-Ausbilder | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
20.11.2012, 18:46
| #10 |
| | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Falls es doch noch weitergeht: OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.11.2012 00:46:15 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Icke\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 60,38% Memory free 7,93 Gb Paging File | 6,41 Gb Available in Paging File | 80,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 107,42 Gb Total Space | 52,47 Gb Free Space | 48,85% Space Free | Partition Type: NTFS Drive E: | 179,73 Gb Total Space | 58,78 Gb Free Space | 32,70% Space Free | Partition Type: NTFS Drive H: | 7,38 Gb Total Space | 2,70 Gb Free Space | 36,54% Space Free | Partition Type: FAT32 Drive Q: | 9,77 Gb Total Space | 9,68 Gb Free Space | 99,09% Space Free | Partition Type: NTFS Computer Name: ICKE-THINK | User Name: Icke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.24 14:24:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe PRC - [2012.10.23 14:17:40 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.23 14:17:40 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.07.28 00:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.28 05:07:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2011.12.07 14:48:06 | 000,680,960 | ---- | M] () -- E:\Programme\NX8\License Server\ugslmd.exe PRC - [2011.11.04 17:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.07.12 20:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2011.07.12 18:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2011.07.12 18:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2009.08.20 04:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009.08.07 08:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.07.07 13:16:28 | 001,510,152 | ---- | M] (Acresso Software Inc.) -- E:\Programme\NX8\License Server\lmgrd.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- E:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.01.16 12:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2011.08.11 13:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2011.03.29 21:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2009.07.29 18:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 05:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.11.08 01:31:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.30 01:51:14 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.23 14:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.28 00:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:29:06 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 22:57:42 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.07.03 22:50:59 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2012.07.03 22:50:58 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.05.23 01:12:02 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.02.28 05:07:00 | 000,244,800 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2012.02.28 05:07:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2011.11.01 15:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.11.01 15:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.10.21 17:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.20 20:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2011.10.19 16:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.10.13 19:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.12 18:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 18:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 18:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.07.12 18:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010.12.10 19:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.15 08:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Programme\SolidWorks2010\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost) SRV - [2009.08.07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.08.05 00:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.05 00:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.08.05 00:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10) SRV - [2009.08.05 00:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10) SRV - [2009.08.05 00:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009.07.07 13:16:28 | 001,510,152 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- E:\Programme\NX8\License Server\lmgrd.exe -- (UGS License Server (ugslmd) SRV - [2009.06.11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.01.16 12:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.01.04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06000000}_0) DRV:64bit: - [2012.10.23 14:18:31 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.23 14:18:31 | 000,364,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.23 14:18:31 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.23 14:18:30 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.23 14:18:30 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 20:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.09.26 19:53:00 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.09.20 08:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudobex.sys -- (ssudobex) DRV:64bit: - [2012.09.20 08:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 08:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.08.20 15:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2012.08.20 15:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2012.03.30 23:48:19 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2012.03.01 10:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.28 05:07:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012.02.15 06:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.12.27 05:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.12.23 15:30:56 | 000,412,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.10.31 17:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.10.19 16:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.10.19 16:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.08.11 13:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2011.06.10 08:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.29 21:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2011.03.29 21:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2011.03.11 10:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 10:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.13 13:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.11.20 17:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.09.07 16:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2010.01.27 13:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.09.15 15:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.08.07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.30 04:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.30 04:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2009.07.14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 04:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.14 03:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.07.01 07:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.01 07:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.01 07:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.06.11 01:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.11 01:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.11 01:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.11 00:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.11 00:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.07 10:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2006.10.13 03:21:00 | 000,016,080 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVicPort64.sys -- (TVicPort64) DRV - [2009.07.14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{2ABD4A28-5F89-4E40-BD3C-4D075F6ABB21}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{C9EE8ABB-94BF-4751-B615-B37F2FF43682}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ecosia.org/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{F94031AA-DDAB-44F2-892F-1E2FD8A54053}: "URL" = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch IE - HKCU\..\SearchScopes\{F9AA3DC2-9818-4F52-8287-1AF4DD4732D8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org" FF - prefs.js..extensions.enabledAddons: en-US@dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: firegestures@xuldev.org:1.6.18 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11 FF - prefs.js..network.proxy.http: "192.168.54.1" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.socks_version: 4 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: E:\Programme\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 01:51:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.03 10:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Extensions [2012.11.06 15:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions [2012.11.06 15:10:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.25 19:22:50 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.09.17 11:16:02 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\en-US@dictionaries.addons.mozilla.org [2012.09.28 11:44:16 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\firefox@ghostery.com [2012.10.07 19:04:08 | 000,142,418 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\firegestures@xuldev.org.xpi [2012.08.24 11:39:15 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.07.26 13:59:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.02 10:40:35 | 000,002,289 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\64lejqo5.default\searchplugins\ecosia.xml [2012.10.30 01:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.30 01:51:16 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 05:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.23 16:21:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 05:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 05:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 05:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 05:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.13 21:05:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Adblock IE) - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Programme\MGTEK\Adblock IE\adblockie.dll (MGTEK) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Adblock IE) - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Element Behavior) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33C2304C-DFED-4FFA-8E36-EE693227F40B}: DhcpNameServer = 192.168.0.1 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F4159FE-891D-41FC-97AB-1A28FBBFB790}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DE41026-6AE1-4510-AEA2-EB15259ED781}: DhcpNameServer = 192.168.0.1 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.15 16:52:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012.11.15 16:52:12 | 000,000,000 | ---D | C] -- C:\JRT [2012.11.15 03:47:00 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.15 03:47:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.15 03:25:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.15 03:25:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.15 03:25:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.15 03:25:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.15 03:25:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.15 03:25:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.15 03:25:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.15 03:25:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.15 03:25:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.15 03:25:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.15 03:25:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.15 03:25:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.15 03:25:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.15 03:25:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.15 03:25:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.15 03:14:19 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.15 03:14:16 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.15 03:14:15 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.15 03:14:15 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.15 03:13:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.15 03:12:49 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.11.14 17:30:35 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.14 17:30:35 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.14 17:30:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.14 17:30:22 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.14 17:30:21 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.14 17:30:20 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.14 17:30:19 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.14 17:30:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.14 17:30:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.14 17:30:14 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.14 17:30:13 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.14 11:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPSBabel [2012.11.13 21:45:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.13 20:52:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.13 20:52:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.13 20:52:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.13 20:51:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.13 20:51:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.12 22:57:52 | 005,000,679 | R--- | C] (Swearware) -- C:\Users\Icke\Desktop\ComboFix.exe [2012.11.12 21:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Navigator [2012.11.12 21:07:09 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\Navigator [2012.11.12 12:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 7.6.1 [2012.11.12 12:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter [2012.11.12 12:01:50 | 015,087,792 | ---- | C] (MiniTool Solution Ltd. ) -- C:\Users\Icke\Desktop\pwhe761.exe [2012.11.12 11:57:29 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\Klaus [2012.11.12 11:43:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.11.12 00:52:39 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Icke\Desktop\tdsskiller.exe [2012.11.12 00:38:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Icke\Desktop\aswMBR.exe [2012.11.09 13:38:30 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\Malwarebytes [2012.11.09 13:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.09 13:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.09 13:38:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.09 12:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.11.09 12:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.10.30 01:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.29 00:14:32 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2012.10.25 14:43:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.10.25 14:43:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.10.25 14:43:57 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.10.24 14:45:08 | 075,767,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Icke\Desktop\msert.exe [2012.10.24 14:24:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.16 00:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.16 00:44:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.15 16:48:31 | 000,893,141 | ---- | M] () -- C:\Users\Icke\Desktop\JRT.exe [2012.11.15 15:18:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.11.15 12:43:53 | 001,654,782 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.15 12:43:53 | 000,714,880 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.15 12:43:53 | 000,665,854 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.15 12:43:53 | 000,154,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.15 12:43:53 | 000,124,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.15 12:11:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 12:11:52 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 04:18:29 | 000,000,438 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.11.15 04:17:17 | 000,482,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.15 04:16:08 | 3193,589,760 | -HS- | M] () -- C:\hiberfil.sys [2012.11.14 11:43:48 | 000,005,395 | ---- | M] () -- C:\Users\Icke\Desktop\HKI_Tour.kml [2012.11.13 21:33:07 | 000,011,307 | ---- | M] () -- C:\Users\Icke\Desktop\OTL_1.rar [2012.11.13 21:05:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.13 17:39:23 | 000,000,512 | ---- | M] () -- C:\Users\Icke\Desktop\MBR.dat [2012.11.12 22:59:36 | 005,000,679 | R--- | M] (Swearware) -- C:\Users\Icke\Desktop\ComboFix.exe [2012.11.12 20:05:46 | 000,541,569 | ---- | M] () -- C:\Users\Icke\Desktop\adwcleaner.exe [2012.11.12 19:47:57 | 013,657,306 | ---- | M] () -- C:\Users\Icke\Desktop\oruxmapshandbuch (1).pdf [2012.11.12 12:04:45 | 000,001,714 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk [2012.11.12 12:02:18 | 015,087,792 | ---- | M] (MiniTool Solution Ltd. ) -- C:\Users\Icke\Desktop\pwhe761.exe [2012.11.12 12:00:07 | 006,265,395 | ---- | M] () -- C:\Users\Icke\Desktop\sdfmt3_1.zip [2012.11.12 00:52:49 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Icke\Desktop\tdsskiller.exe [2012.11.12 00:38:51 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Icke\Desktop\aswMBR.exe [2012.11.08 01:31:23 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.08 01:31:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.06 23:06:57 | 000,148,596 | ---- | M] () -- C:\Users\Icke\Desktop\esche-5.pdf [2012.10.29 16:35:10 | 000,014,931 | ---- | M] () -- C:\Users\Icke\Desktop\Kontoumsaetze_710_784852600_20121029_133506.pdf [2012.10.28 02:48:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.10.24 14:45:59 | 075,767,872 | ---- | M] (Microsoft Corporation) -- C:\Users\Icke\Desktop\msert.exe [2012.10.24 14:31:01 | 000,000,020 | ---- | M] () -- C:\Users\Icke\defogger_reenable [2012.10.24 14:24:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [2012.10.24 14:23:57 | 000,050,477 | ---- | M] () -- C:\Users\Icke\Desktop\Defogger.exe [2012.10.23 14:18:31 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.10.23 14:18:31 | 000,364,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.10.23 14:18:31 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.10.23 14:18:30 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.10.23 14:18:30 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.10.23 14:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.10.23 14:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.10.23 14:17:13 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.15 16:48:17 | 000,893,141 | ---- | C] () -- C:\Users\Icke\Desktop\JRT.exe [2012.11.15 15:18:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.11.15 03:47:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 03:14:15 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.14 11:43:47 | 000,005,395 | ---- | C] () -- C:\Users\Icke\Desktop\HKI_Tour.kml [2012.11.13 21:33:07 | 000,011,307 | ---- | C] () -- C:\Users\Icke\Desktop\OTL_1.rar [2012.11.13 20:52:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.13 20:52:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.13 20:52:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.13 20:52:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.13 20:52:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.12 20:05:46 | 000,541,569 | ---- | C] () -- C:\Users\Icke\Desktop\adwcleaner.exe [2012.11.12 19:47:56 | 013,657,306 | ---- | C] () -- C:\Users\Icke\Desktop\oruxmapshandbuch (1).pdf [2012.11.12 12:07:14 | 002,966,720 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe [2012.11.12 12:07:14 | 000,019,032 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys [2012.11.12 12:07:13 | 000,012,384 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys [2012.11.12 12:04:45 | 000,001,714 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk [2012.11.12 11:59:40 | 006,265,395 | ---- | C] () -- C:\Users\Icke\Desktop\sdfmt3_1.zip [2012.11.12 00:51:43 | 000,000,512 | ---- | C] () -- C:\Users\Icke\Desktop\MBR.dat [2012.11.06 23:06:53 | 000,148,596 | ---- | C] () -- C:\Users\Icke\Desktop\esche-5.pdf [2012.10.29 16:35:09 | 000,014,931 | ---- | C] () -- C:\Users\Icke\Desktop\Kontoumsaetze_710_784852600_20121029_133506.pdf [2012.10.24 14:31:01 | 000,000,020 | ---- | C] () -- C:\Users\Icke\defogger_reenable [2012.10.24 14:23:57 | 000,050,477 | ---- | C] () -- C:\Users\Icke\Desktop\Defogger.exe [2012.09.09 12:53:22 | 000,001,158 | ---- | C] () -- C:\Users\Icke\AppData\Roaming\ShiftN.ini [2012.07.10 13:43:03 | 000,017,408 | ---- | C] () -- C:\Users\Icke\AppData\Local\WebpageIcons.db [2012.07.03 22:55:32 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2012.05.23 20:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 20:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 20:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 20:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 20:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.02.15 06:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 06:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.31 08:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.13 02:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.02.13 06:09:20 | 000,007,605 | ---- | C] () -- C:\Users\Icke\AppData\Local\Resmon.ResmonCfg [2009.02.14 20:56:48 | 000,090,961 | ---- | C] () -- C:\Program Files (x86)\Russian.xml ========== ZeroAccess Check ========== [2009.07.14 08:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 09:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 08:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 05:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 05:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.11.2012 00:46:18 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Icke\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 60,38% Memory free
7,93 Gb Paging File | 6,41 Gb Available in Paging File | 80,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,42 Gb Total Space | 52,47 Gb Free Space | 48,85% Space Free | Partition Type: NTFS
Drive E: | 179,73 Gb Total Space | 58,78 Gb Free Space | 32,70% Space Free | Partition Type: NTFS
Drive H: | 7,38 Gb Total Space | 2,70 Gb Free Space | 36,54% Space Free | Partition Type: FAT32
Drive Q: | 9,77 Gb Total Space | 9,68 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Computer Name: ICKE-THINK | User Name: Icke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BABF2A1-637A-4084-B292-E826DE7F3D7B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0C26AEA7-064F-4B03-A201-84B72ED98AA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F8EA7B3-E292-484B-B0AD-C2E0CBD0143F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16D72E81-97DD-4164-AF2B-C5325CCBEDAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{255EC4DA-CF94-4375-9FE6-E26FF4184679}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{27F8B943-AC7F-42B2-95AC-EC0478B3F24D}" = rport=137 | protocol=17 | dir=out | app=system |
"{295CA60B-6ABD-4F0D-A7D2-7B7487B7F04B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35DF6FD2-168E-48A3-A2E8-6FAC54E46292}" = lport=445 | protocol=6 | dir=in | app=system |
"{39325C29-3CEA-458C-A697-582DA7A686D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3D325A04-A17C-489D-A6D3-58DBD5A560ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3D8928E6-7183-47A0-8C2F-D952EFE819F9}" = rport=138 | protocol=17 | dir=out | app=system |
"{3DC69048-8F4E-45B2-9E7B-DFC0304B1636}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E8B43C8-4D64-46D6-91F4-084C8F31A362}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{446C87C0-79EC-4207-A424-EA71436840B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47419B5F-9F02-40AF-905F-442A9FE0D319}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A3022C4-CC69-426C-BDF1-0E900549481D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{4F09F633-F70D-4F71-9DCE-C725EB2D16FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51D5610F-B1ED-46B7-951C-AF560A260952}" = lport=139 | protocol=6 | dir=in | app=system |
"{6118851B-8F0D-45C2-9C64-94E7F2A383CB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6374B30D-4054-47A9-A957-2E8D38571F65}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{673F571D-15BD-47F1-BED1-2E3AF1BFBEB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68989FFF-A070-4EE7-A790-3B019264970C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D5E4531-0309-4657-ABC8-87EA06933776}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7070992C-2BD9-4068-BBBC-C2F7BACF4D36}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{70DB773A-D061-42EA-BA6A-6551FDA1D15E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73635DF1-1BE0-48B8-9113-730E56369561}" = lport=137 | protocol=17 | dir=in | app=system |
"{74556982-C81B-4A30-9010-D98366045AC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75BF8E8E-9D4A-4278-AD7C-660D89C273E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{768A9F52-9AD9-47A4-AC12-9896626514E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86639078-4FAA-4BBD-801A-F2491A572CFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86CA5F0C-4379-4870-B825-B2510AA02A64}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8A2D15B9-6046-4FBC-8617-B852013DBD4A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8E3960BC-8700-4A68-BD32-FA005207FC20}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9B37623B-E0A7-4CC3-A06D-CD722DFBA21F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B33C1748-1A01-428B-9DBF-C0CBB78B5ECD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C147136A-967B-4ACC-819F-1AAFC5D568DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C193C39D-5703-426E-92A7-7EE0E57B8857}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C1F58D86-7799-4C92-9DCB-A679E9AC67E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCD27FA1-D1B2-4290-B6B0-55B2D1430BB7}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6D09F65-F8A0-48C4-9B73-8F6E1BAEA955}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F05FBBF3-F141-40FA-9251-044B6FF98569}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F13A4F41-C381-45BC-8CA2-4213FC074C3C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FF193833-6D5F-4F64-81A5-0F7CAD9F075E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017E266F-E9F3-4D80-9A8F-5838C2BF8905}" = protocol=17 | dir=in | app=e:\programme\winamp remote\bin\orbtray.exe |
"{065273DD-F0F6-4A6B-855D-4DB8E48CB2E5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{097C22C4-7D6E-480F-BF43-A55662E08621}" = protocol=6 | dir=in | app=e:\users\icke\appdata\roaming\dropbox\bin\dropbox.exe |
"{0D18E393-73F2-48E2-861A-1B4132EDCC32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{105E8DC9-77C6-432B-950E-DF97549E5C96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{16C67ECE-EE4E-40F5-A3B2-191D741A6468}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{170DA58E-B06E-47B1-B3C5-BED098875DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{1C401B0A-DDC3-408F-9001-83CC9EACD96A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E53021A-EF98-4657-8B0A-F6ED236C2B6F}" = protocol=6 | dir=out | app=system |
"{21B6429F-DEAE-4292-97C5-10E9172A59B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{220864F8-3598-4D9C-8A97-B897BA599C5D}" = protocol=6 | dir=in | app=e:\programme\winamp remote\bin\orb.exe |
"{22B61563-CF6D-41E8-9CC5-0ADC5F293AE2}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2C417F54-C77F-4DFF-816B-B7E29832E487}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2DFAE118-0386-4CBE-8B6D-4A4BE10832F5}" = protocol=17 | dir=in | app=e:\users\icke\appdata\roaming\dropbox\bin\dropbox.exe |
"{2EE6245A-116F-4910-BACA-27E0F7E9F997}" = protocol=6 | dir=in | app=e:\programme\winamp remote\bin\orbir.exe |
"{31827C46-B09E-4E5B-9934-97209FCE6AE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{32896B17-3618-4351-B3C2-A8E5D0FE72DD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{32A541E4-C6B1-4843-9ED8-2870DA89B1A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B4C5CBC-4747-4774-98AB-E5ACA5D60F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3C86C26E-F00B-4DF6-A176-784A349D8F16}" = protocol=6 | dir=in | app=e:\programme\winamp remote\bin\orbtray.exe |
"{40C5C9A3-E2BC-4A8E-85C8-5E26FE4A2160}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{45E7631A-692B-49BF-99A1-A844B09B49C8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{464D507A-6AE7-4C64-8AB0-139DC80D58B1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{489BC5E2-15C5-4D13-BDA4-BF57681EDDC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4FAFA728-7530-471C-A7F2-0DA592CFAEEE}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{51A900FB-2546-4ED9-BBB7-986739E13E24}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{52103536-0480-4185-98E2-FE7523380631}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{552EFAB3-E5BE-46EC-A952-5B75232599DE}" = protocol=17 | dir=in | app=e:\programme\winamp remote\bin\orbir.exe |
"{581B8BDC-E6A2-4CF4-B56E-BD41D4476D36}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5CB3828F-5511-4A92-8994-17B5FB212295}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5EA989E0-4D4A-4D88-AF29-4B1CC66DD198}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5EB6EDAF-7648-4413-A1D0-C380B360BEC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6D0A1853-32C7-48C8-850A-85B1262F9D12}" = protocol=6 | dir=in | app=c:\program files\solidworks2010\solidworks\swscheduler\dtscoordinatorservice.exe |
"{7413DCF7-B69E-4B79-9D01-0D7131BF1C86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7434A214-0500-4496-8324-48E40C2624C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{749BBD15-1107-4897-8E95-DB7386A3BD5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78E0F27B-2456-4400-BE61-6C9A1A8C3010}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7F4E381B-ED72-4D46-924D-247584CDD9F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{868DD805-7647-42D5-82E7-09D342E7F0CD}" = protocol=6 | dir=in | app=e:\programme\winamp remote\bin\orbstreamerclient.exe |
"{8766DFB1-9155-4EBA-BF6B-2D80744CB1F3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8836C752-FF09-4961-917C-8D7969D72D64}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89D21174-E63B-49BA-9B6E-F3367FF17869}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8BC19199-5938-494A-8835-F377BA7AA061}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{9C7C9D09-A5C3-4666-B692-3AF900858698}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A56DACBD-AA35-4933-AE06-0DAAABA649D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{D1503485-A6E2-4618-B360-0B062D2C1544}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D50856FB-3368-4F74-AFFB-44E1E7EC2D63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDF9DDE5-CD25-40E0-B48B-098D4244D1EB}" = protocol=17 | dir=in | app=e:\programme\winamp remote\bin\orbstreamerclient.exe |
"{DF6423A0-9989-41E7-A3EA-55D21473D360}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E25AEB48-2198-4151-92A2-3075340A2045}" = protocol=17 | dir=in | app=e:\users\icke\appdata\roaming\dropbox\bin\dropbox.exe |
"{E29178B4-E6F1-4BA2-800C-46F9F84B4357}" = protocol=17 | dir=in | app=c:\program files\solidworks2010\solidworks\swscheduler\dtscoordinatorservice.exe |
"{E716A6B2-9F2E-435C-8311-250B8FC05EDB}" = protocol=6 | dir=in | app=e:\users\icke\appdata\roaming\dropbox\bin\dropbox.exe |
"{E8ECDD31-41D4-408F-B0BE-9F6E7093225B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1E2B092-7479-480D-BAF2-1EC06A56259A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2C0BC09-1F5D-4E48-B5BB-A8AA9AD96716}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F9623A8C-D69D-45A2-8B65-180400AB6D06}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FD92A07B-3A26-40FC-804F-220F5FB751A3}" = protocol=17 | dir=in | app=e:\programme\winamp remote\bin\orb.exe |
"{FF745AAF-F7FA-4451-B5E1-B4D20BE4B1F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0CD6BF0E-6D23-40A2-953E-127BD8514734}E:\programme\nx8\ugii\ugraf.exe" = protocol=6 | dir=in | app=e:\programme\nx8\ugii\ugraf.exe |
"TCP Query User{16BA6BE4-0967-492E-9F1D-02B28CFA5697}C:\interzet\z-tv\z-tv.exe" = protocol=6 | dir=in | app=c:\interzet\z-tv\z-tv.exe |
"TCP Query User{171A0A88-CD00-479D-B852-AC5A4AF77C44}C:\interzet\strongdc++\strongdc.exe" = protocol=6 | dir=in | app=c:\interzet\strongdc++\strongdc.exe |
"TCP Query User{347FE3DD-B67D-445F-869F-F6951AEA08A6}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{3A65CF72-4339-4E1B-96C4-A1877E6329EB}C:\interzet\z-tv\z-tv.exe" = protocol=6 | dir=in | app=c:\interzet\z-tv\z-tv.exe |
"TCP Query User{775FB6BC-F3E2-4485-A6D7-454663707405}E:\spiele\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=6 | dir=in | app=e:\spiele\stronghold 3\bin\win32_release\stronghold3.exe |
"TCP Query User{A67F5585-41A8-40B9-9406-BD104AA238D2}E:\programme\nx8\ugii\ugraf.exe" = protocol=6 | dir=in | app=e:\programme\nx8\ugii\ugraf.exe |
"TCP Query User{BDCA84CF-49A2-4DB5-8AF6-4A2D17C5E2A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1D281B83-7C8A-4832-8280-0BA557CEE140}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{4202CD6D-11DE-4C02-A998-9947B8FCCCBF}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"UDP Query User{5B1D032E-33FC-4861-BC03-3CA24B480219}E:\programme\nx8\ugii\ugraf.exe" = protocol=17 | dir=in | app=e:\programme\nx8\ugii\ugraf.exe |
"UDP Query User{5C71192F-4C0A-43FC-81C7-F2D29E8EB33A}E:\spiele\stronghold 3\bin\win32_release\stronghold3.exe" = protocol=17 | dir=in | app=e:\spiele\stronghold 3\bin\win32_release\stronghold3.exe |
"UDP Query User{80064EDD-601E-478B-A4B1-4D09501AE202}C:\interzet\strongdc++\strongdc.exe" = protocol=17 | dir=in | app=c:\interzet\strongdc++\strongdc.exe |
"UDP Query User{CF9A201E-CBDB-4B8D-96EE-AD5121C5F477}C:\interzet\z-tv\z-tv.exe" = protocol=17 | dir=in | app=c:\interzet\z-tv\z-tv.exe |
"UDP Query User{D695A152-7DDB-4C50-8A1D-FC8D1812B792}C:\interzet\z-tv\z-tv.exe" = protocol=17 | dir=in | app=c:\interzet\z-tv\z-tv.exe |
"UDP Query User{E20C3033-4F9E-4A90-9D6B-63C98FC4F067}E:\programme\nx8\ugii\ugraf.exe" = protocol=17 | dir=in | app=e:\programme\nx8\ugii\ugraf.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09D47015-4E54-4F39-A362-56AA860987AB}" = Russisch - ME
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0 x64 Edition
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51676C0E-2D18-49F3-A1BE-005DE2654168}" = Siemens NX 8.0
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{58160868-037B-42CD-B575-AF804A2F0F47}" = Adblock IE 1.1
"{5ECBC7E9-4426-4BA2-91E0-B80C960AC132}" = Russisch - Custom
"{5F352F3C-160B-713A-A031-18293EC4CA5A}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1" = TPFanControl v0.62
"{7A80B61A-72A1-7800-C4B0-855F056243DA}" = ccc-utility64
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0419-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Russian) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F12D74-C53F-6276-73CB-851E73482270}" = AMD Drag and Drop Transcoding
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C4171DD9-EED6-2613-312A-FC8E168E7C3B}" = AMD Accelerated Video Transcoding
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{E9173A5F-22A6-4152-848E-45851DB99162}" = SolidWorks 2010 x64 Edition SP0
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0D12EED917642F81501AB8731CEFC39641FB12CF" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc (06/04/2009 7.0.0.1013)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"4F8C829E03DB3C4ACA41DAA8ACFF40A7E37DB808" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/24/2009 6.0.1.5880)
"97BC12BC08DF3620DB6595D0CE3B078F10B7CA56" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/24/2009 5.10.0.5880)
"ATI Uninstaller" = ATI Uninstaller
"CCleaner" = CCleaner
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"VLC media player" = VLC media player 2.0.2
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.6.1
"{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish
"{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish
"{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish
"{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish
"{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E4125CE-DDCF-8CF6-5A4E-88735CF284F9}" = Gapminder Desktop
"{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English
"{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
"{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0419-0000-0000000FF1CE}" = Microsoft Office Access MUI (Russian) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0419-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Russian) 2007
"{90120000-0017-0419-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Russian) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0419-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Russian) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0419-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Russian) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0419-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Russian) 2007
"{90120000-001A-0419-0000-0000000FF1CE}_OMUI.ru-ru_{06BBE4EF-FA0F-43D4-8DE6-12B15AE6DC8F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0419-0000-0000000FF1CE}" = Microsoft Office Word MUI (Russian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0419-0000-0000000FF1CE}" = Microsoft Office Proofing (Russian) 2007
"{90120000-0044-0419-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Russian) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0419-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Russian) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0419-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Russian) 2007
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0419-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Russian) 2007
"{90120000-0100-0419-0000-0000000FF1CE}" = Microsoft Office O MUI (Russian) 2007
"{90120000-0101-0419-0000-0000000FF1CE}" = Microsoft Office X MUI (Russian) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABF2877B-DDCF-7527-BC7D-685F441AE161}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40EED7A-63D4-4ED2-910D-9A64FF94DF22}" = UGSLicensing
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}" = MPlayer für Windows (Full Package)
"{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"DAEMON Tools Lite" = DAEMON Tools Lite
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"iZet 1.06" = iZet 1.06
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.ru-ru" = Microsoft Office Language Pack 2007 - Russian/русский
"Opera 12.10.1652" = Opera 12.10
"Orb" = Winamp Remote
"PROHYBRIDR" = 2007 Microsoft Office system
"ShiftN_is1" = ShiftN 3.6.1
"SolidWorks Installation Manager 20100-40000-1100-100" = SolidWorks 2010 x64 Edition SP0
"SpeedFan" = SpeedFan (remove only)
"StrongDC++ 2.42" = StrongDC++ 2.42
"TreeSize Free_is1" = TreeSize Free V2.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WizMouse_is1" = WizMouse v1.6.0.2
"Zattoo4" = Zattoo4 4.0.5
"Z-TV -" = Z-TV -
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Lenovo-Lenovo Patch Utility/Admin Events ]
Error - 27.10.2012 16:43:44 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
Error - 27.10.2012 16:43:44 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to get available patch. Return 2.
Error - 27.10.2012 16:43:44 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to get available patch. Return 2.
Error - 29.10.2012 03:53:37 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
konnten nicht übersetzt werden.
Error - 29.10.2012 03:53:40 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
Error - 29.10.2012 03:53:40 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
Error - 29.10.2012 03:53:40 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to get available patch. Return 2.
Error - 06.11.2012 09:34:32 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise
konnten nicht übersetzt werden.
Error - 06.11.2012 09:34:34 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 1
Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml".
Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
Error - 06.11.2012 09:34:34 | Computer Name = Icke-THINK | Source = Lenovo Patch Utility | ID = 2
Description = Failed to download the manifest file.
[ Lenovo-Message Center Plus/Admin Events ]
Error - 11.02.2010 10:11:11 | Computer Name = Icke-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. ->
Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
[ System Events ]
Error - 15.11.2012 16:44:21 | Computer Name = Icke-THINK | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
|
|
20.11.2012, 20:44
| #11 |
| /// TB-Ausbilder | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Servus, Schritt 1
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte SecurityCheck
Bitte poste mit deiner nächsten Antwort
|
|
21.11.2012, 13:56
| #12 |
| | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter MBAM Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.20.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Icke :: ICKE-THINK [Administrator] 21.11.2012 00:33:42 mbam-log-2012-11-21 (00-33-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 246846 Laufzeit: 4 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Zu den Dateien, die er nicht säubern kann und die angeblich befallen sind: Ich habe sie erst letzte Woche Mittwoch heruntergeladen und installiert. Meine Probleme sind aber älter. Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c78040b9b918174b80fa11b30610cc80
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-21 12:05:47
# local_time=2012-11-21 04:05:47 (+0400, Russische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 5203 105075262 0 0
# compatibility_mode=8192 67108863 100 0 580 580 0 0
# scanned=387666
# found=4
# cleaned=0
# scan_time=54135
C:\Users\Icke\Downloads\cbsidlm-tr1_7-GPX_to_KMZKML_Converter-ORG2-10619126.exe Win32/DownloadAdmin.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Icke\Downloads\gpx to kmz kml converter.exe MSIL/Solimba application (unable to clean) 00000000000000000000000000000000 I
E:\Users\Icke\Downloads\cbsidlm-tr1_7-GPX_to_KMZKML_Converter-ORG2-10619126.exe Win32/DownloadAdmin.D application (unable to clean) 00000000000000000000000000000000 I
E:\Users\Icke\Downloads\gpx to kmz kml converter.exe MSIL/Solimba application (unable to clean) 00000000000000000000000000000000 I
Code:
ATTFilter Results of screen317's Security Check version 0.99.54 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.65.1.1000 Java 7 Update 9 Adobe Flash Player 11.5.502.110 Adobe Reader X (10.1.4) Mozilla Firefox (16.0.2) ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
21.11.2012, 16:06
| #13 |
| /// TB-Ausbilder | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Servus, Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Bitte aktiviere die Benutzerkontensteuerung, wie es hier beschrieben ist. Schritt 2 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader und lade dir die neue Version von Hier herunter- Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome. Schritt 3 Starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 4 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall
 Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 5 Downloade dir bitte delfix auf deinen Desktop.
Schritt 6
Schritt 7 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
22.11.2012, 20:47
| #14 |
| /// TB-Ausbilder | svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu svchost.exe verursacht zeitweise 100% CPU-Auslastung + Adload.DA-Virus-Fund im Wartungscenter |
| 100%, adblock, adload.da-virus, administratorrechte, auslastung, bingbar, canon, failed, frage, hotspot, install.exe, installation, jdownloader, lenovo, microsoft office 2003, ntdll.dll, office 2007, plug-in, pwmtr64v.dll, required, russisch, saving, scan, server, software, svchost, svchost.exe, visual studio, wartungcenter, win32/adload.da-virus, windows, wlansvc, wrapper |
Textbox.
Linear-Darstellung
