Plagegeister aller Art und deren Bekämpfung: Windows 8.1: "Device Setup Manager" service (DsmSvc) uses 20-30% CPU when idle
04.05.2014, 19:11 | #1 |
Windows 8.1: "Device Setup Manager" service (DsmSvc) uses 20-30% CPU when idle

Hello everyone,

after spending the whole day searching doubtfully and unsuccessfully for a solution to my problem, I am now trying it this way.

For a few days now, the service "DsmSvc" (display name: Device Setup Manager, path to the exe: C:\WINDOWS\system32\svchost.exe -k netsvcs) has been using a constant 20-30% of the CPU on my Windows 8.1 system (screenshot attached). According to Process Explorer, this is related, among other things, to the file ntdll.dll (after selecting the thread, click on Module). The length of Gmer.txt (attached) also seems to point to problems with that file ...

I have had my computer checked by Avast, Spybot, Malwarebytes, Ad-Aware, MRT, TDSSKiller and Hitman Pro. Unfortunately, this turned up nothing.

At the moment I can stop the service manually in Process Explorer and so get back to my 4% load when idle, but that cannot be the solution. What causes this load from the service, and how can I fix it?

I look forward to your answers and thank you in advance for your efforts.

Norbert

defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:38 on 04/05/2014 (User)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by User (administrator) on THINKPAD_X1 on 04-05-2014 17:56:40
Running from C:\Users\User\Desktop
Windows 8.1 Pro (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apache Software Foundation) C:\SecureWAMP\Apache2\bin\httpd.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Apache Software Foundation) C:\SecureWAMP\Apache2\bin\httpd.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Users\User\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(www.bid-o-matic.org) C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe
(AVAST Software) C:\Program Files\Avast\AvastUI.exe
(Deutsche Telekom AG) C:\Users\User\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll [74288 2014-03-04] (Lenovo Corporation)
HKLM\...\Run: [LenovoNal] => C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe [19960 2013-10-18] (Lenovo)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Avast\AvastUI.exe [3854640 2014-04-11] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1719456 2013-12-10] (SunplusIT, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-16] (Google Inc.)
HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [Google+ Auto Backup] => C:\Users\User\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3701064 2014-03-26] (Google Inc.)
HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [MusicManager] => C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7382528 2014-03-03] (Google Inc.)
HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [GoogleChromeAutoLaunch_BA09B07B8B80D23F626FFA7CBB47CC99] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\MountPoints2: {c0e0110d-8905-11e3-beca-b8763fa784a8} - "E:\start.exe"
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk
ShortcutTarget: Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk
ShortcutTarget: Mediencenter.lnk -> C:\Users\User\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://127.0.0.1:8000/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM - DefaultScope {6DFBD600-698E-4452-994D-931E637AC187} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM - {6DFBD600-698E-4452-994D-931E637AC187} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKLM-x32 - {6DFBD600-698E-4452-994D-931E637AC187} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS
SearchScopes: HKCU - DefaultScope {6DFBD600-698E-4452-994D-931E637AC187} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {6DFBD600-698E-4452-994D-931E637AC187} URL =
BHO: Deaktivierungs-Add-on für Browser von Google Analytics - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll (Google, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\artur.dubovoy@gmail.com [2014-04-28]
FF Extension: Aptana Debugger - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\debugger@aptana.com [2014-02-13]
FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\firebug@software.joehewitt.com.xpi [2014-02-13]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2013-12-04]
FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2014-04-23]
FF Extension: DownThemAll! - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-02-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast\WebRep\FF [2013-08-07]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-25]
FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-03-12]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D3440791-4A1F-11E2-BA13-028037EC0200}", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=48"
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-05-04]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Schalten Sie das Licht) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-05-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-04]
CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-05-04]
CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-05-04]
CHR Extension: (Spotify - Music for every moment) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-04]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (iLove Google Tasks (not by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\djagodlhefkdlmdhboaonegjldnomnnm [2014-05-04]
CHR Extension: (Gmail offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-05-04]
CHR Extension: (Google Kalender) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-05-04]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-05-04]
CHR Extension: (ZenMate for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-05-04]
CHR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-05-04]
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2014-05-04]
CHR Extension: (ThinkVantage Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab [2014-05-04]
CHR Extension: (avast! Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-04]
CHR Extension: (Gantter for Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo [2014-05-04]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-05-04]
CHR Extension: (BeeLine Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjafammaookpiajfbedmacfldaiamgg [2014-05-04]
CHR Extension: (eBook Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiodggcinjkmjlciplimhpejdocioond [2014-05-04]
CHR Extension: (Save to Pulse) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnghiiajfangdaolekmphkaohhcnklj [2014-05-04]
CHR Extension: (Shareaholic für Google Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2014-05-04]
CHR Extension: (Smooth Gestures) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2014-05-04]
CHR Extension: (Google Maps) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-05-04]
CHR Extension: (DSL speedtest) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj [2014-05-04]
CHR Extension: (Google Mail-Checker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-05-04]
CHR Extension: (Asana) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafkcmbfnknnkmbdbdhflbidiigecfln [2014-05-04]
CHR Extension: (Better Google Tasks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhddnkmimnokfjdlogacnfjfclgcdme [2014-05-04]
CHR Extension: (Export for Trello) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdelomnagopgaealggpgojkhcafhnin [2014-05-04]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-05-04]
CHR Extension: (Facebook Notifications) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Live Sports) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2014-05-04]
CHR Extension: (imo free video calls and text) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2014-05-04]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2014-05-04]
CHR Extension: (Page Monitor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-05-04]
CHR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-05-04]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-21]
CHR HKLM-x32\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx [2014-03-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-11]

==================== Services (Whitelisted) =================

S4 AAV UpdateService; C:\Program Files (x86)\Steuer-Spar-Erklaerung Plus 2013\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 ApacheServer; C:\SecureWAMP\Apache2\bin\httpd.exe [20992 2012-11-05] (Apache Software Foundation)
R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [50344 2014-04-11] (AVAST Software)
S4 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
S4 LavasoftAdAwareService11; C:\Program Files\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
S4 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [235488 2012-12-14] (LENOVO INCORPORATED.)
S4 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-10] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [576992 2012-12-14] (LENOVO INCORPORATED.)
S4 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation)
S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S4 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21496 2013-10-18] (Lenovo)
S4 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
S4 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14255 2013-10-25] ()
S4 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2013-12-16] (Lenovo Group Limited)
S4 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [319024 2013-12-16] (Lenovo Group Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\WMCore.exe [883472 2012-05-03] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-11] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-11] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 cbfs3; C:\WINDOWS\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-10-17] ()
R3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-07] (DisplayLink Corp.)
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [203152 2013-10-07] (DisplayLink Corp.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-27] (DT Soft Ltd) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] () S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) R3 l36wgps; C:\Windows\system32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB) R3 l36wscard; C:\Windows\system32\DRIVERS\l36wscard.sys [61992 2011-08-17] (Ericsson AB) R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-04] (Malwarebytes Corporation) R3 Mbm4bus; C:\Windows\System32\drivers\Mbm4bus.sys [159816 2011-08-22] (MCCI Corporation) R3 Mbm4mdfl; C:\Windows\system32\DRIVERS\Mbm4mdfl.sys [19528 2011-08-22] (MCCI Corporation) R3 Mbm4mdm; C:\Windows\system32\DRIVERS\Mbm4mdm.sys [179784 2011-08-22] (MCCI Corporation) R3 Mbm4mgmt; C:\Windows\system32\DRIVERS\Mbm4mgmt.sys [161864 2011-08-22] (MCCI Corporation) R3 Mbm4NNd5; C:\Windows\system32\DRIVERS\Mbm4NNd5.sys [33352 2011-08-22] (MCCI Corporation) R3 Mbm4NUn; C:\Windows\System32\drivers\Mbm4NUn.sys [194120 2011-08-22] (MCCI Corporation) S3 MbmLowExt; C:\Windows\System32\Drivers\MbmLowExt.sys [35840 2012-12-07] (Ericsson AB) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNe64; 
C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1514144 2013-12-10] (Sunplus) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-01-25] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-01-25] (Acronis International GmbH) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) U3 pxddakog; \??\C:\Users\User\AppData\Local\Temp\pxddakog.sys [X] ==================== NetSvcs (Whitelisted) =================== Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by User at 2014-05-04 17:56:00
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Ad-Aware Antivirus (HKLM\...\{6A16ADA5-0B30-4893-84AB-961B1340D14A}_AdAwareUpdater) (Version: 11.1.5354.0 - Lavasoft)
AdAwareInstaller (Version: 11.1.5354.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5354.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Agent Ransack x64 (HKLM\...\{AC1F33CB-82C6-46AD-8A99-F445B0A02753}) (Version: 7.0.819.1 - Mythicsoft Ltd)
Album Art Downloader XUI 1.01 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.01 - hxxp://sourceforge.net/projects/album-art)
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Deaktivierungs-Add-on für Browser von Google Analytics (HKLM\...\{9F540EA8-086E-4D53-B845-A06E6903DED6}) (Version: 0.9.6.0 - Google Inc.)
digiKam 3.4.0 (HKLM-x32\...\digiKam) (Version: 3.4.0 - The digiKam team)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayLink Core Software (HKLM\...\{404BDC67-C588-42E1-824A-2838571AEE6F}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{F8D0059A-CC6D-414F-A36F-FEDAE2588000}) (Version: 7.4.51587.0 - DisplayLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExamDiff 1.9 (Build 1.9.0.2) (HKLM-x32\...\ExamDiff_is1) (Version: 1.9.0.2 - PrestoSoft LLC)
Exifer (HKLM-x32\...\Exifer_is1) (Version: - Friedemann Schmidt)
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.2.23 - Open source)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Git version 1.8.5.2-preview20131230 (HKLM-x32\...\Git_is1) (Version: 1.8.5.2-preview20131230 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Contact Sync (HKCU\...\8569f13e8439d3c0) (Version: 2.0.0.6 - Heartofangel.com)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InfoBibliothek 2 (HKLM-x32\...\{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}) (Version: 1.08.03.02 - Wolters Kluwer Deutschland GmbH)
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.31 - SunplusIT)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41651) (Version: 3.8.0.41651.58 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.3000.0512 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{828af006-cb5e-4d60-957a-523098a1b0f8}) (Version: 16.1.3 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.3000.0254 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KDiff3 (remove only) (HKLM-x32\...\KDiff3) (Version: - )
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.10 - )
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.05.0013 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.1 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo QuickControl (HKLM-x32\...\{4855C42F-5197-4AAD-A50D-5066D2CC4647}) (Version: 2.00 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.2.2.0 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.3.0.10 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.0.0.16 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.1.0.5 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo USB 2.0 Ethernet Adapter (HKLM-x32\...\{29584513-DC7F-4EB9-8654-7C541DF0DDCE}) (Version: 1.02 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mediencenter 3.8.9799.6 (HKCU\...\Mediencenter) (Version: 3.8.9799.6 - Deutsche Telekom AG)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.145.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.145.0 - Microsoft Corporation) Hidden
Mobile Broadband Drivers (HKLM-x32\...\{68D0E8C7-E4F8-424E-A6D6-97A06A323FFE}) (Version: 8.0.10.1 - Ericsson AB)
Mobile Broadband Drivers (HKLM-x32\...\{EA9640BE-414E-4195-B53B-7905BF1A5A09}) (Version: 7.1.2.0 - Ericsson AB)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MPC-HC 1.6.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.)
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{4C5FFB59-6222-45CA-9257-EFB93D5E1756}) (Version: 5.1.26 - Oracle Corporation)
MySQL Connector Net 6.7.4 (HKLM-x32\...\{D6952EDA-6AC4-4480-A060-BD6025B15BAD}) (Version: 6.7.4 - Oracle)
MySQL Connector/ODBC 5.2 (HKLM\...\{6F4E90AC-3B32-4631-A9E5-5CC0186CA97B}) (Version: 5.2.6 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{D5080D2C-37D0-4701-B74D-4A7449584E6D}) (Version: 5.6.14 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{44D03537-3061-490B-BF0C-DACA4DEE8797}) (Version: 5.6.14 - Oracle Corporation)
MySQL Installer (HKLM-x32\...\{D8BAC677-5CCD-49FA-BF7D-21F65AB0EE0E}) (Version: 1.3.2.0 - Oracle Corporation)
MySQL Notifier 1.1.4 (HKLM-x32\...\{D7C3E617-EB02-47B3-8D0E-BF3E00D873D5}) (Version: 1.1.4 - Oracle)
MySQL Server 5.6 (HKLM\...\{23EEC459-9E65-4DCE-83B8-A1FDB44B9337}) (Version: 5.6.14 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{6A494EFD-CFC6-4534-9E14-26D3F7D888DE}) (Version: 1.3.4 - Oracle)
MySQL Workbench 6.0 CE (HKLM-x32\...\{0B724473-51F5-49E8-958C-4BB3C0AAAF35}) (Version: 6.0.7 - Oracle Corporation)
Node.js (HKLM\...\{5A050774-DD97-4FD5-A591-1D7A5BC80EB6}) (Version: 0.10.25 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.30.00 - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Pencil (HKLM-x32\...\Pencil) (Version: - Evolus Co., Ltd.)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Python 2.6 MySQL-python-1.2.4 (64-bit) (HKLM\...\MySQL-python-py2.6) (Version: - )
Python 2.6 pycrypto-2.6 (HKLM\...\pycrypto-py2.6) (Version: - )
Python 2.6.6 (64-bit) (HKLM\...\{6151cf20-0bd8-4023-a4a0-6a86dcfe58e6}) (Version: 2.6.6150 - Python Software Foundation)
Python 2.7 MySQL-python-1.2.5 (HKLM-x32\...\MySQL-python-py2.7) (Version: - )
Python 2.7 pycrypto-2.6 (HKLM-x32\...\pycrypto-py2.7) (Version: - )
Python 2.7 pywin32-218 (HKLM\...\pywin32-py2.7) (Version: - )
Python 2.7.3 (64-bit) (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}) (Version: 2.7.3150 - Python Software Foundation)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Reader for PC (HKLM-x32\...\{71FB3127-E6B2-4058-ACEE-99813554FAB6}) (Version: 2.2.00.11270 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
RICOH_Media_Driver_v2.25.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.25.18.01 - RICOH)
Ruby 1.9.3-p484 (HKCU\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p484 - RubyInstaller Team)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SecureWAMP Version 0.9 (HKLM-x32\...\SecureWAMP_is1) (Version: 0.9 - SRWare)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SteuerBerater 2013-2014 (HKLM-x32\...\{AE03E8EC-4F04-46CA-BE9A-652D3ADCDDD4}) (Version: 1.00.9 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung Plus 2013 (HKLM-x32\...\{D4A69FFE-B7F6-42B6-ACF3-3F238F9A26D8}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung Plus 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.08.82 - Akademische Arbeitsgemeinschaft)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9100 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.9 - )
ThinkVantage Fingerprint Software (HKLM\...\{68D50088-CE92-4FF0-A220-D875E2E73151}) (Version: 6.0.0.8102 - Authentec Inc.)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.50.7.0 - Lenovo Group Limited)
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (ISCT) System (05/04/2012 1.0.7.0) (HKLM\...\C8CA88388A58C08FD1318BB111CC8BDC79A3B577) (Version: 05/04/2012 1.0.7.0 - Intel)
Windows-Treiberpaket - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows-Treiberpaket - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows-Treiberpaket - Lenovo 1.66.00.07 (08/15/2012 1.66.00.07) (HKLM\...\E56A6B34B44A7A597FFEBE0E14D81095E0FD4D73) (Version: 08/15/2012 1.66.00.07 - Lenovo)
Windows-Treiberpaket - Synaptics (SmbDrv) System (10/17/2012 16.2.19.2) (HKLM\...\A77C050AE33CE8C74E71FDF8578DB13900B8A1F4) (Version: 10/17/2012 16.2.19.2 - Synaptics)
Windows-Treiberpaket - Synaptics (SynTP) Mouse (10/17/2012 16.2.19.2) (HKLM\...\8305FD4F3A6C1E86A14473501EA23FDEB1382CB7) (Version: 10/17/2012 16.2.19.2 - Synaptics)
Wuala (HKCU\...\Wuala) (Version: 1.0.444.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie)

==================== Restore Points =========================

==================== Hosts content: ==========================

2013-08-22 15:25 - 2014-01-28 23:26 - 00000848 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00A26BF5-1C4E-4A9C-AD1B-7DA799057CD6} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()
Task: {03EA34FF-77D5-4D87-9AA6-A7FCD4E3046A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {05040E0F-4CB8-4E22-845B-7798C1A769AC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17C1D7A6-41AB-467C-8D1D-0CF641A58ACB} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)
Task: {1EA2B1C3-C0FD-468A-923B-44926D048BC6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {236838AF-387F-4264-A403-2E269F299619} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {26150182-E0D2-497F-9CE6-47C030318E31} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast\AvastEmUpdate.exe [2014-04-11] (AVAST Software)
Task: {27EDFE9F-53CF-4A21-A143-13BF99A12BCF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {38124D6E-2629-498F-AE4D-A0F9F0E6A46A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {39DF392E-27C1-47A6-83E6-70229406F612} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-272428205-3716622950-2856836198-1004UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3B797E74-4719-478E-88DE-D7D3DC506C40} - System32\Tasks\PMTask => C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe
Task: {4277C1B5-2975-45BB-8CAB-9F5DD11C64EA} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4C947CA7-783B-4E0D-9FEE-31A8710F0492} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: {5E5CDFB6-D9F9-4575-9360-F01F21B28B85} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-31] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F4A4356-9BBE-4ECA-A2FE-D64975599BD7} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {760F1DE7-7D13-4A35-B82C-F75589866CD8} - System32\Tasks\Lenovo\Lenovo-1186 => C:\ProgramData\Lenovo-1186.vbs [2013-05-24] ()
Task: {76AA3E8E-346C-42DB-A96A-58E83EAFAB52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-07] (Google Inc.)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7B0759BA-24B7-4275-A02C-C7990288F7BE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {7DC2BE24-C40B-4BC6-AA7E-547F6C20CE10} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8A762F45-E492-428C-84DB-16E04CA5B08D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: {8C756C7D-0D35-44A8-AF1C-C91F2408FAF2} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B704EBC2-8F46-4CCD-BCC3-91C26B06175A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-272428205-3716622950-2856836198-1004Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {C7195611-6795-4336-BFC0-2DCE43BBA84A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-09-04] (Microsoft)
Task: {C853B160-EDBA-41DA-AE1B-F09B6E9D6C85} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DA65A0D0-73FD-4D14-9166-682D2E0172CD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-09-04] (Microsoft Corporation)
Task: {DBC0AB1A-9E09-44C4-BFB8-5FFCFDCE5397} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {DE8419B9-B5A7-46F4-B90D-3C386868BBC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-07] (Google Inc.)
Task: {DFDDB27B-1C9A-4788-BFB0-3477D7B5BDF2} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7E4EB5C-BA89-42A7-A77A-9AFECD38C1CC} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {E95123F5-4AB1-44D6-8D32-196796102A8C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-09-04] (Microsoft Corporation)
Task: {EB95FBBD-9AB5-45C7-A2EE-37D4A1702822} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {F9272B95-FB39-45F8-AF2F-46F33E563F52} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-29] (Synaptics Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-272428205-3716622950-2856836198-1004Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-272428205-3716622950-2856836198-1004UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-09 11:23 - 2014-03-07 07:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.dll
2013-12-16 11:54 - 2013-12-16 11:54 - 00049368 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btwleapi.dll
2013-10-01 11:32 - 2013-10-01 11:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2014-02-07 18:15 - 2013-12-27 23:35 - 00721571 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2012-08-05 04:15 - 2012-08-05 04:15 - 00176640 _____ () C:\Program Files (x86)\KDiff3\diff_ext_for_kdiff3_64.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 02141040 _____ () C:\Program Files\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareShellExtension.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00685904 _____ () C:\Program Files\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 02595144 _____ () C:\Program Files\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
2014-01-23 16:29 - 2014-01-23 16:29 - 00123776 _____ () C:\Program Files\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
2014-01-23 16:30 - 2014-01-23 16:30 - 00024440 _____ () C:\Program Files\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-04-09 11:23 - 2014-03-07 07:44 - 00117248 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-05-04 10:28 - 2014-05-04 10:28 - 02252800 _____ () C:\Program Files\Avast\defs\14050400\algo.dll
2014-01-28 23:40 - 2012-11-05 03:21 - 00109056 _____ () C:\SecureWAMP\Apache2\bin\pcre.dll
2014-02-25 20:40 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-25 20:40 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-25 20:40 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-25 20:40 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-25 20:40 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-07 11:02 - 2011-07-13 11:10 - 00065576 ____R () C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2014-03-26 18:02 - 2014-03-26 18:02 - 03305472 _____ () C:\Users\User\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2014-05-04 17:35 - 2014-05-04 17:35 - 00098816 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32api.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 00110080 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\pywintypes27.dll
2014-05-04 17:35 - 2014-05-04 17:35 - 00364544 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\pythoncom27.dll
2014-05-04 17:35 - 2014-05-04 17:35 - 00044032 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\_socket.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 01157120 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\_ssl.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 00320512 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32com.shell.shell.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 00712192 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\_hashlib.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 01175040 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\wx._core_.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 00805888 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\wx._gdi_.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 00811008 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\wx._windows_.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 01062400 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\wx._controls_.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 00735232 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\wx._misc_.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 00128512 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\_elementtree.pyd
2014-05-04 17:35 - 2014-05-04 17:35 - 00127488 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\pyexpat.pyd
2014-05-04
17:35 - 2014-05-04 17:35 - 00557056 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\pysqlite2._sqlite.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00087040 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\_ctypes.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00119808 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32file.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00108544 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32security.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00018432 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32event.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00038912 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32inet.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00122368 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\wx._wizard.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00070656 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\wx._html2.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00026624 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\_multiprocessing.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00010240 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\select.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00024064 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32pipe.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00686080 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\unicodedata.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00025600 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32pdh.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00525640 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\windows._lib_cacheinvalidation.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00011264 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32crypt.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00035840 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32process.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 00017408 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32profile.pyd 2014-05-04 17:35 - 2014-05-04 17:35 - 
00022528 _____ () C:\Users\User\AppData\Local\Temp\_MEI80082\win32ts.pyd 2013-12-10 23:06 - 2013-12-10 23:06 - 10683392 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll 2013-12-10 23:06 - 2013-12-10 23:06 - 07741952 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\QtGui4.dll 2013-12-10 23:06 - 2013-12-10 23:06 - 01681408 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll 2013-12-10 23:06 - 2013-12-10 23:06 - 02248192 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\QtCore4.dll 2014-03-03 20:13 - 2014-03-03 20:13 - 00117248 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libaacdec.dll 2014-03-03 20:13 - 2014-03-03 20:13 - 00231936 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll 2014-03-03 20:14 - 2014-03-03 20:14 - 00253440 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libid3tag.dll 2014-03-03 20:13 - 2014-03-03 20:13 - 00344064 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll 2013-12-10 23:06 - 2013-12-10 23:06 - 00026624 _____ () C:\Users\User\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll 2013-10-20 22:28 - 2013-10-20 22:28 - 19336120 _____ () C:\Program Files\Avast\libcef.dll 2014-04-29 00:43 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll 2014-04-29 00:43 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll 2014-04-29 00:43 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll 2014-04-29 00:43 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll 2014-04-29 00:43 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll 2014-04-29 
00:43 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll 2014-04-30 10:39 - 2014-04-30 10:39 - 03845232 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-08-08 00:00 - 2013-05-13 15:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-02-04 19:25 - 2014-02-04 19:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll 2014-02-04 19:28 - 2014-02-04 19:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2014-04-29 00:43 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll 2011-07-18 23:07 - 2011-07-18 23:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll 2011-09-21 22:46 - 2011-09-21 22:46 - 01673728 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll 2013-10-01 12:00 - 2013-10-01 12:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\User\SkyDrive:ms-properties AlternateDataStreams: C:\Users\User\Documents\Amazon Downloader Logs:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\Assessment Center:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\Backup:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\Bluetooth-Exchange-Ordner:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\Chrome Bookmarks:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\Entwicklung:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\Finanzen:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\Gründung:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\Karriere:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\My Books:doo_pyOm24dT AlternateDataStreams: 
C:\Users\User\Documents\Steuerfälle:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\Thinkpad:doo_pyOm24dT AlternateDataStreams: C:\Users\User\Documents\VirtualDJ:doo_pyOm24dT ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78721183.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78721183.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/04/2014 05:54:49 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0x187c Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5 Error: (05/04/2014 05:49:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: THINKPAD_X1) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (05/04/2014 05:49:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: THINKPAD_X1) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. 
Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (05/04/2014 05:34:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: THINKPAD_X1) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (05/04/2014 05:34:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: THINKPAD_X1) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: THINKPAD_X1) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: THINKPAD_X1) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: THINKPAD_X1) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: THINKPAD_X1) Description: Bei der Aktivierung der App „LenovoCorporation.LenovoSettings_4642shxvsv8s2!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: THINKPAD_X1) Description: Bei der Aktivierung der App „LenovoCorporation.LenovoSettings_4642shxvsv8s2!App“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (05/04/2014 05:44:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "pcicsa.sys" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/04/2014 05:28:49 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "THINKPAD_X1" auf Transport "NetBT_Tcpip_{7983155F-EC97-4F57-98CD-E0C40D80AEEF}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (05/04/2014 05:07:09 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/04/2014 05:07:09 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (05/04/2014 05:06:57 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (05/04/2014 05:06:57 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/04/2014 05:06:56 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. 
Error: (05/04/2014 05:06:56 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (05/04/2014 05:06:56 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error: (05/04/2014 05:06:56 PM) (Source: disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Microsoft Office Sessions: ========================= Error: (05/04/2014 05:54:49 PM) (Source: Application Error)(User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa187c01cf67b1263b32ffC:\Users\User\Desktop\Gmer-19357.exeC:\Users\User\Desktop\Gmer-19357.exe6be7ae50-d3a4-11e3-bf16-b8763fa784a8 Error: (05/04/2014 05:49:35 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: THINKPAD_X1) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (05/04/2014 05:49:35 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: THINKPAD_X1) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (05/04/2014 05:34:57 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: THINKPAD_X1) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (05/04/2014 05:34:51 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: THINKPAD_X1) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: THINKPAD_X1) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: THINKPAD_X1) Description: 
microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: THINKPAD_X1) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: THINKPAD_X1) Description: LenovoCorporation.LenovoSettings_4642shxvsv8s2!App-2147009284 Error: (05/04/2014 05:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: THINKPAD_X1) Description: LenovoCorporation.LenovoSettings_4642shxvsv8s2!App-2147009284 CodeIntegrity Errors: =================================== Date: 2014-05-04 11:10:17.224 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-30 09:20:41.427 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-30 09:20:35.177 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-28 18:15:37.084 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-28 09:32:18.834 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-04-25 18:50:29.592 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-25 09:49:15.866 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-24 18:59:52.163 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-24 15:10:01.390 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-24 09:29:19.945 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 8010.86 MB Available physical RAM: 4885.55 MB Total Pagefile: 16202.86 MB Available Pagefile: 12842.37 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:209.94 GB) (Free:68.33 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Backup) (Fixed) (Total:1397.26 GB) (Free:59.09 GB) NTFS Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:302.96 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 224 GB) (Disk ID: EE7E26AF) Partition: GPT Partition Type. 
======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 0002CBBC) Partition 1: (Not Active) - (Size=-698722394112) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00042ADA) Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
04.05.2014, 19:51 | #2 |
/// the machine /// TB-Ausbilder | Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle hi,
__________________Install Process Explorer as a replacement for the Windows Task Manager Download Process Explorer as a replacement for the Task Manager and install it; you can find instructions here. It is a considerably more powerful replacement for the Windows Task Manager. In the menu under "Options" you can set Process Explorer up permanently as the replacement for the Task Manager (Replace Taskmanager). This is highly recommended because Process Explorer has considerably more functions than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + DEL no longer opens the Task Manager but Process Explorer. This can be undone at any time by unchecking this setting. What we need specifically now: each row is a process; a few of the rows are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of information about the processes are displayed. In it, go to the "Process Performance" tab and make sure that "CPU Usage" is checked there; "CPU History" would also be useful. Under "CPU Usage" the current CPU utilisation of each process is shown (the column header just says "CPU"); "CPU History" displays a graph for each process showing a curve of its recent CPU utilisation. With this you should be able to identify which process is keeping your CPU busy. Double-click the process. You can also take a screenshot of the whole thing and upload it as an attachment with your reply (click "Advanced" below the text box, use "Manage attachments" to browse your computer, and attach it via "Upload").
__________________ |
05.05.2014, 08:55 | #3 |
| Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle Thank you very much for the reply. As mentioned, the troublemaker is the service "DsmSvc", which is part of the process "svchost.exe" and appears to be closely related to the file "ntdll.dll". Below are the stack of the troublemaker thread and a screenshot of svchost in Process Explorer. I hope this information helps.
__________________Stack for thread 5568 (DsmSvc) Code:
ntoskrnl.exe!KeSynchronizeExecution+0x2246
ntoskrnl.exe!KeRemoveQueueEx+0x108e
ntoskrnl.exe!KeRemoveQueueEx+0xae9
ntoskrnl.exe!KeWaitForSingleObject+0x22a
ntoskrnl.exe!KeSetBasePriorityThread+0x4ec
ntoskrnl.exe!KeRemoveQueueEx+0x281d
ntoskrnl.exe!KeSynchronizeExecution+0x4133
devrtl.DLL!NdxTableFirstObject+0x8c
devrtl.DLL!NdxTableFirstObject+0x2d
DeviceMetadataRetrievalClient.dll!DllGetClassObject+0x2636
DeviceMetadataRetrievalClient.dll!DllGetClassObject+0x2ece
DeviceMetadataRetrievalClient.dll!DllGetClassObject+0xbc2
DeviceMetadataRetrievalClient.dll!DllGetClassObject+0x14272
DeviceMetadataRetrievalClient.dll!DllGetClassObject+0x100b1
DeviceMetadataRetrievalClient.dll!DllGetClassObject+0x10c3a
combase.dll!StringFromCLSID+0x3ba5
combase.dll!StringFromCLSID+0x140f
combase.dll!StringFromCLSID+0x3c9b
combase.dll!StringFromCLSID+0x3932
combase.dll!StringFromCLSID+0x35b7
combase.dll!StringFromCLSID+0x38bf
combase.dll!StringFromCLSID+0x39ca
combase.dll!StringFromCLSID+0x140f
combase.dll!StringFromCLSID+0x21e5
combase.dll!StringFromCLSID+0x140f
combase.dll!StringFromCLSID+0x2053
combase.dll!CoUnmarshalInterface+0x1782
combase.dll!CoUnmarshalInterface+0x1de0
devicesetupmanager.dll!ServiceMain+0x294f
devicesetupmanager.dll!ServiceMain+0x1a01
devicesetupmanager.dll+0x13ffd
devicesetupmanager.dll+0x130f7
devicesetupmanager.dll!ServiceMain+0x7ed1
devicesetupmanager.dll+0x99f9
devicesetupmanager.dll+0x9973
ntdll.dll!RtlMultiByteToUnicodeN+0x3abf
ntdll.dll!RtlMultiByteToUnicodeN+0x250a
KERNEL32.DLL!BaseThreadInitThunk+0xd
ntdll.dll!RtlUserThreadStart+0x1d |
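Added example, not part of the thread: a small parser for a Process Explorer thread stack like the one posted in #3, which drops the frames that nearly every thread carries and returns the service-specific call chain from outermost to innermost module. The `GENERIC` module set and the `0x1000` offset threshold are assumptions of this example, and the embedded frames are a shortened copy of the posted stack.

```python
import re
from typing import List, NamedTuple, Optional

# Shortened copy of the stack posted in #3 (thread 5568), innermost frame first.
STACK = """\
ntoskrnl.exe!KeSynchronizeExecution+0x2246
ntoskrnl.exe!KeWaitForSingleObject+0x22a
ntoskrnl.exe!KeSynchronizeExecution+0x4133
devrtl.DLL!NdxTableFirstObject+0x8c
devrtl.DLL!NdxTableFirstObject+0x2d
DeviceMetadataRetrievalClient.dll!DllGetClassObject+0x2636
DeviceMetadataRetrievalClient.dll!DllGetClassObject+0x14272
combase.dll!StringFromCLSID+0x3ba5
combase.dll!CoUnmarshalInterface+0x1782
devicesetupmanager.dll!ServiceMain+0x294f
devicesetupmanager.dll+0x13ffd
ntdll.dll!RtlMultiByteToUnicodeN+0x3abf
KERNEL32.DLL!BaseThreadInitThunk+0xd
ntdll.dll!RtlUserThreadStart+0x1d
"""


class Frame(NamedTuple):
    module: str            # image name, lower-cased for comparison
    symbol: Optional[str]  # None when only module+offset was resolved
    offset: int            # distance from the symbol (or module base)


# "module!symbol+0xNN" or "module+0xNN"
FRAME_RE = re.compile(
    r"^(?P<module>[^!+\s]+)(?:!(?P<symbol>[^+\s]+))?\+0x(?P<offset>[0-9a-fA-F]+)$"
)

# Assumption of this example: modules treated as plumbing. ntdll/kernel32
# hold the start frames of every user-mode thread, ntoskrnl is the kernel
# side of the call, combase is the COM runtime dispatching the call.
GENERIC = frozenset({"ntoskrnl.exe", "ntdll.dll", "kernel32.dll", "combase.dll"})

# Heuristic (assumption): without matching debug symbols an address is named
# after the nearest preceding export, so a large offset means the function
# name is probably wrong and only the module name can be relied on.
MAX_TRUSTED_OFFSET = 0x1000


def parse_stack(text: str) -> List[Frame]:
    """Parse pasted stack text; lines that are not frames are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(
                Frame(m["module"].lower(), m["symbol"], int(m["offset"], 16))
            )
    return frames


def specific_chain(frames: List[Frame], generic=GENERIC) -> List[str]:
    """Non-generic modules from outermost caller to innermost callee,
    with consecutive repeats collapsed."""
    chain: List[str] = []
    for frame in reversed(frames):
        if frame.module in generic:
            continue
        if not chain or chain[-1] != frame.module:
            chain.append(frame.module)
    return chain


def innermost_specific(frames: List[Frame], generic=GENERIC) -> Optional[Frame]:
    """First frame from the top of the stack that is not plumbing."""
    for frame in frames:
        if frame.module not in generic:
            return frame
    return None


def symbol_trustworthy(frame: Frame) -> bool:
    """True when the frame has a symbol and the offset is small enough."""
    return frame.symbol is not None and frame.offset < MAX_TRUSTED_OFFSET


if __name__ == "__main__":
    parsed = parse_stack(STACK)
    print(" -> ".join(specific_chain(parsed)))
    for f in parsed:
        mark = "ok " if symbol_trustworthy(f) else "?? "
        print(f"{mark}{f.module}!{f.symbol}+{f.offset:#x}")
```
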
05.05.2014, 16:52 | #4 |
/// the machine /// TB-Ausbilder | Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle Uninstall all of the security software and decide on one! You don't use 2 AV programs. Please uninstall Acronis as a test. The service is used by backup tools.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.05.2014, 10:18 | #5 |
| Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle Hello Schrauber, I normally use only Avast as antivirus, Spybot as anti-spyware and Acronis as backup program. They should not actually interfere with each other. I had only installed the others in addition for now because I hoped they might find something regarding my problem. However, I have now uninstalled all such programs as requested. Unfortunately, that does not seem to have been the cause. The service "DsmSvc" still constantly uses 23-25% CPU (see screenshot). Any more ideas what could be causing it? Or is the load from this process perhaps even normal on Windows 8.1? But then I can't really explain what this service is doing if it continuously demands so much processing power. Regards, Norbert |
09.05.2014, 08:42 | #6 |
/// the machine /// TB-Ausbilder | Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle No, that is not normal. How to perform a clean boot in Windows Please do a clean boot, then re-enable services one at a time until you know which service/which program is responsible for it.
__________________ |
09.05.2014, 20:42 | #7 |
| Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle Hello Schrauber, thanks for your reply. I have now done the clean boot; unfortunately it had no effect (see screenshots). The troublemaker is still the service "DsmSvc" (display name: Geräteinstallations-Manager, path to the exe: C:\WINDOWS\system32\svchost.exe -k netsvcs). Despite the clean boot the same constant load remains, so non-Microsoft services do not seem to be the cause. Any further ideas? Best regards, Norbert |
10.05.2014, 17:44 | #8 |
/// the machine /// TB-Ausbilder | Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle Press the Windows key, type CMD. When CMD appears, right-click and run as admin. Type into the CMD window: sc config DsmSvc start= demand and press Enter. Close CMD and reboot.
__________________ Regards, schrauber |
11.05.2014, 11:31 | #9 |
| Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle Hello Schrauber, unfortunately that did not help either. The service was already set to Manual before and apparently must be triggered by another service right at startup (see screenshot). The question is why the service uses so many resources of its own accord? Regards, Norbert |
12.05.2014, 11:01 | #10 |
/// the machine /// TB-Ausbilder | Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle Please post a fresh FRST log again; let's see what software is running.
__________________ Regards, schrauber |
15.05.2014, 23:53 | #11 |
| Windows 8.1: service "Geräteinstallations-Manager" (DsmSvc) uses 20-30% CPU when idle Right, I have now made another FRST log after a clean boot. Maybe that gives some clues... Regards, Norbert FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 Ran by User (administrator) on THINKPAD_X1 on 16-05-2014 00:42:24 Running from C:\Users\User\Desktop\Trojanerboard Platform: Windows 8.1 Pro (Update 1) (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (AVAST Software) C:\Program Files\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) 
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\LibStartStub.dll [74288 2014-03-04] (Lenovo Corporation) HKLM\...\Run: [LenovoNal] => C:\Program Files\Lenovo\Lenovo Peer Connect\NalService.exe [19960 2013-10-18] (Lenovo) HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [519408 2013-07-18] (Acronis) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation) HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1719456 2013-12-10] (SunplusIT, Inc.) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-14] (Intel Corporation) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Avast\AvastUI.exe [3873704 2014-05-08] (AVAST Software) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7843744 2014-02-04] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1104616 2013-10-10] (Acronis International GmbH) Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-16] (Google Inc.) HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [Google+ Auto Backup] => C:\Users\User\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3701064 2014-03-26] (Google Inc.) HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google) HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [MusicManager] => C:\Users\User\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-04-24] (Google Inc.) HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [GoogleChromeAutoLaunch_BA09B07B8B80D23F626FFA7CBB47CC99] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-08] (Google Inc.) 
HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3485728 2013-09-11] (Hewlett-Packard Co.) HKU\S-1-5-21-272428205-3716622950-2856836198-1004\...\MountPoints2: {c0e0110d-8905-11e3-beca-b8763fa784a8} - "E:\start.exe" Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk ShortcutTarget: Biet-O-Matic.lnk -> C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk ShortcutTarget: Mediencenter.lnk -> C:\Users\User\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\younited.lnk ShortcutTarget: younited.lnk -> C:\Users\User\AppData\Local\F-Secure\younited\Application\younited.exe (F-Secure Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://127.0.0.1:8000/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope {6DFBD600-698E-4452-994D-931E637AC187} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS SearchScopes: HKLM - {6DFBD600-698E-4452-994D-931E637AC187} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS SearchScopes: HKLM-x32 - {6DFBD600-698E-4452-994D-931E637AC187} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALCJS SearchScopes: HKCU - DefaultScope {6DFBD600-698E-4452-994D-931E637AC187} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {6DFBD600-698E-4452-994D-931E637AC187} URL = BHO: Deaktivierungs-Add-on für Browser von Google 
Analytics - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files\Google\Google Analytics Opt-Out\gaoptout_x64.dll (Google, Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default FF SelectedSearchEngine: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChange\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDFXChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel) FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flash Video Downloader - Full HD Download - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\artur.dubovoy@gmail.com [2014-05-09] FF Extension: Aptana Debugger - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\debugger@aptana.com [2014-02-13] FF Extension: Page Speed - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-05-07] FF Extension: Firebug - 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\firebug@software.joehewitt.com.xpi [2014-02-13] FF Extension: YSlow - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\yslow@yahoo-inc.com.xpi [2014-05-07] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2013-12-04] FF Extension: Biet-O-Matic Firefox Erweiterung - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi [2014-04-23] FF Extension: DownThemAll! - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\59trajgo.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-02-11] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-25] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\Avast\WebRep\FF [2014-05-08] FF HKCU\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-03-12] Chrome: ======= CHR HomePage: CHR StartupUrls: "", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={D3440791-4A1F-11E2-BA13-028037EC0200}", "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=48" CHR Extension: (BIODIGITAL HUMAN) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-05-04] CHR Extension: (Xmarks Bookmark Sync) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-04] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04] CHR Extension: (Turn Off the Lights) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-05-04] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04] CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-04] CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-05-04] CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-05-04] CHR Extension: (Spotify - Music for every moment) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-05-04] CHR Extension: (Google-Suche) - 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04] CHR Extension: (iLove Google Tasks (not by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\djagodlhefkdlmdhboaonegjldnomnnm [2014-05-04] CHR Extension: (Gmail offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-05-04] CHR Extension: (Google Kalender) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-05-04] CHR Extension: (Box - 10GB of FREE storage) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-05-04] CHR Extension: (ZenMate for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-05-04] CHR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-05-04] CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2014-05-04] CHR Extension: (ThinkVantage Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geempcnjhccnoepfmahaeemnnfnignab [2014-05-04] CHR Extension: (avast! 
Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-08] CHR Extension: (Gantter for Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo [2014-05-04] CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-05-04] CHR Extension: (BeeLine Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjafammaookpiajfbedmacfldaiamgg [2014-05-04] CHR Extension: (eBook Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiodggcinjkmjlciplimhpejdocioond [2014-05-04] CHR Extension: (Save to Pulse) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnghiiajfangdaolekmphkaohhcnklj [2014-05-04] CHR Extension: (Shareaholic für Google Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep [2014-05-04] CHR Extension: (Smooth Gestures) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2014-05-04] CHR Extension: (Google Maps) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-05-04] CHR Extension: (DSL speedtest) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj [2014-05-04] CHR Extension: (Google Mail-Checker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-05-04] CHR Extension: (Asana) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafkcmbfnknnkmbdbdhflbidiigecfln [2014-05-04] CHR Extension: (Better Google Tasks) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhddnkmimnokfjdlogacnfjfclgcdme [2014-05-04] CHR 
Extension: (Export for Trello) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdelomnagopgaealggpgojkhcafhnin [2014-05-04] CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-05-04] CHR Extension: (Facebook Notifications) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2014-05-04] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04] CHR Extension: (Live Sports) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2014-05-04] CHR Extension: (imo free video calls and text) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2014-05-04] CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2014-05-04] CHR Extension: (Page Monitor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-05-04] CHR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-05-04] CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\User\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-21] CHR HKLM-x32\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program 
Files\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-08] ==================== Services (Whitelisted) ================= S4 AAV UpdateService; C:\Program Files (x86)\Steuer-Spar-Erklaerung Plus 2013\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S4 ApacheServer; C:\SecureWAMP\Apache2\bin\httpd.exe [20992 2012-11-05] (Apache Software Foundation) R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software) S4 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [573488 2014-03-04] (Lenovo Corporation) S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.) S4 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.) S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation) S4 Lenovo QuickSnip Service; C:\Program Files\lenovo\QuickSnipService\QuickSnipService.exe [235488 2012-12-14] (LENOVO INCORPORATED.) S4 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2085184 2014-03-10] (Lenovo Group Limited) S4 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [576992 2012-12-14] (LENOVO INCORPORATED.) 
S4 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [702512 2014-03-04] (Lenovo Corporation) S4 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S4 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21496 2013-10-18] (Lenovo) S4 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [468288 2013-12-11] () S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] () R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14255 2013-10-25] () S4 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [59440 2013-12-16] (Lenovo Group Limited) S4 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [319024 2013-12-16] (Lenovo Group Limited) S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) S4 WMCoreService; C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\WMCore.exe [883472 2012-05-03] (Ericsson AB) S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-08] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-08] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-08] () R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 cbfs3; C:\WINDOWS\system32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R3 DisplayLinkUsbIo_x64; C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.48800.0.sys [44944 2013-10-17] () R3 dlcdcncm6_x64; C:\Windows\system32\DRIVERS\dlcdcncm6_x64.sys [80688 2013-10-07] (DisplayLink Corp.) 
R3 dlusbaudio; C:\Windows\system32\DRIVERS\dlusbaudio_x64.sys [203152 2013-10-07] (DisplayLink Corp.) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-10-27] (DT Soft Ltd) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] () S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation) R3 l36wgps; C:\Windows\system32\DRIVERS\l36wgps64.sys [102440 2012-01-13] (Ericsson AB) R3 l36wscard; C:\Windows\system32\DRIVERS\l36wscard.sys [61992 2011-08-17] (Ericsson AB) R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-04] (Malwarebytes Corporation) R3 Mbm4bus; C:\Windows\System32\drivers\Mbm4bus.sys [159816 2011-08-22] (MCCI Corporation) R3 Mbm4mdfl; C:\Windows\system32\DRIVERS\Mbm4mdfl.sys [19528 2011-08-22] (MCCI Corporation) R3 Mbm4mdm; C:\Windows\system32\DRIVERS\Mbm4mdm.sys [179784 2011-08-22] (MCCI Corporation) R3 Mbm4mgmt; C:\Windows\system32\DRIVERS\Mbm4mgmt.sys [161864 2011-08-22] (MCCI Corporation) R3 Mbm4NNd5; C:\Windows\system32\DRIVERS\Mbm4NNd5.sys [33352 2011-08-22] (MCCI Corporation) R3 Mbm4NUn; C:\Windows\System32\drivers\Mbm4NUn.sys [194120 2011-08-22] (MCCI Corporation) S3 MbmLowExt; C:\Windows\System32\Drivers\MbmLowExt.sys [35840 2012-12-07] (Ericsson AB) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; 
C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1514144 2013-12-10] (Sunplus) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-05-09] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-05-09] (Acronis International GmbH) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-16 00:06 - 2014-05-16 00:06 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-05-16 00:00 - 2014-05-16 00:00 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-05-15 21:10 - 2014-05-15 21:11 - 04540729 _____ () C:\Users\User\Downloads\Dokumente_Schenkwerk.zip 2014-05-14 22:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mshtml.dll 2014-05-14 22:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 22:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 22:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 22:39 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 22:39 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 22:39 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 22:39 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 22:39 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 22:39 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 22:39 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 22:39 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 22:39 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 22:39 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 22:39 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 22:39 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 22:39 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 22:39 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 22:39 - 2014-04-11 
05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 22:39 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 22:39 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 22:39 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 22:39 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 22:39 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 22:39 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-05-14 22:39 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 22:39 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 22:39 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 22:39 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 22:39 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 22:39 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 22:39 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 22:39 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-14 17:23 - 2014-05-14 17:23 - 00000000 ____D () C:\Users\User\Downloads\mailchimp-2.0.7.tar 2014-05-14 17:22 - 2014-05-14 17:22 - 00041581 _____ () C:\Users\User\Downloads\mailchimp-2.0.7.tar.gz 2014-05-14 15:30 - 2014-05-14 15:51 - 00000000 ____D () C:\Users\User\Downloads\mcapi2-python-examples-master 2014-05-14 15:29 - 2014-05-14 15:29 - 00034137 _____ 
() C:\Users\User\Downloads\mcapi2-python-examples-master.zip 2014-05-14 11:09 - 2014-05-14 11:09 - 00064556 _____ () C:\Users\User\Downloads\mcapi-simple-subscribe.zip 2014-05-13 11:47 - 2014-05-13 11:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\F-Secure 2014-05-13 11:47 - 2014-05-13 11:47 - 00000000 ____D () C:\ProgramData\F-Secure 2014-05-13 11:46 - 2014-05-16 00:13 - 00000000 ____D () C:\Users\User\younited 2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\younited 2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Users\User\AppData\Local\F-Secure 2014-05-13 11:45 - 2014-05-13 11:45 - 29075280 _____ (F-Secure Corporation) C:\Users\User\Downloads\younited.exe 2014-05-13 09:47 - 2014-05-13 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2014-05-13 09:47 - 2014-05-13 09:47 - 00000000 ____D () C:\Program Files\PDFXChange 2014-05-13 09:46 - 2014-05-13 09:46 - 16587248 _____ (Tracker Software Products Ltd ) C:\Users\User\Downloads\PDFX142Vwer.exe 2014-05-12 13:00 - 2014-05-12 13:00 - 00007715 _____ () C:\Users\User\AppData\Local\recently-used.xbel 2014-05-10 22:23 - 2014-05-13 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 20:33 - 2014-05-09 20:50 - 00000000 ____D () C:\Users\User\Desktop\Tippspiel 2014-05-09 12:43 - 2014-05-09 12:43 - 00001074 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk 2014-05-09 12:43 - 2014-05-09 12:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\inkscape 2014-05-09 12:40 - 2014-05-09 12:44 - 00000000 ____D () C:\Program Files (x86)\Inkscape 2014-05-09 12:22 - 2014-05-09 12:23 - 34702513 _____ (inkscape.org) C:\Users\User\Downloads\inkscape-0.48.4-1-win32.exe 2014-05-09 11:51 - 2014-05-09 11:51 - 00000000 ____D () C:\Users\User\Downloads\cs_manager 2014-05-09 11:50 - 2014-05-09 11:50 - 00788430 _____ () C:\Users\User\Downloads\cs_manager.zip 
2014-05-09 11:50 - 2014-05-09 11:50 - 00000810 _____ () C:\Users\User\Downloads\_Gruppe_.svg 2014-05-09 00:56 - 2014-05-09 00:57 - 00000000 ____D () C:\ProgramData\Acronis 2014-05-09 00:56 - 2014-05-09 00:56 - 01464096 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tdrpman.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 01120032 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00367200 _____ (Acronis) C:\WINDOWS\system32\Drivers\afcdp.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00269600 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00198432 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib_mounter.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00116000 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00001228 _____ () C:\Users\Public\Desktop\Acronis True Image 2014.lnk 2014-05-09 00:56 - 2014-05-09 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-05-09 00:56 - 2014-05-09 00:56 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-05-09 00:01 - 2014-05-09 00:05 - 00000000 ____D () C:\Users\User\Desktop\Acronis True Image 2014 - 3PCs Family Pack (Download) 2014-05-08 19:49 - 2014-05-08 19:49 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-05-08 19:49 - 2014-05-08 19:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-05-08 19:49 - 2014-05-08 19:49 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-05-08 19:49 - 2014-05-08 19:49 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-05-08 19:49 - 2014-05-08 19:49 - 00000000 ____D () C:\Program Files (x86)\Java 2014-05-08 19:33 - 2014-05-08 19:32 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-05-08 19:33 - 2014-05-08 19:32 - 00189352 
_____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-05-08 19:33 - 2014-05-08 19:32 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-05-08 19:33 - 2014-05-08 19:32 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-05-08 19:32 - 2014-05-08 19:32 - 00000000 ____D () C:\Program Files\Java 2014-05-08 19:31 - 2014-05-08 19:32 - 29164456 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-7u55-windows-i586.exe 2014-05-08 19:12 - 2014-05-08 19:13 - 39187992 _____ (Foxit Corporation ) C:\Users\User\Downloads\FoxitReader620.0429_enu_Setup.exe 2014-05-08 19:11 - 2014-05-08 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-05-08 19:11 - 2014-05-08 19:11 - 00000000 ____D () C:\Program Files\7-Zip 2014-05-08 15:34 - 2014-05-08 15:41 - 00002255 _____ () C:\Users\User\.kdiff3rc 2014-05-08 15:33 - 2014-05-08 15:33 - 00000000 ____D () C:\Program Files\KDiff3 2014-05-08 15:31 - 2014-05-08 15:32 - 10126581 _____ () C:\Users\User\Downloads\KDiff3-64bit-Setup_0.9.97.exe 2014-05-08 11:27 - 2014-05-15 19:37 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2014-05-08 11:27 - 2014-05-08 11:27 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-05-08 11:27 - 2014-05-08 11:27 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-05-08 11:25 - 2014-05-12 12:41 - 00004152 _____ () C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2014-05-08 11:24 - 2014-05-08 11:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software 2014-05-08 11:23 - 2014-05-15 19:37 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-05-08 11:23 - 2014-05-15 19:37 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-05-08 11:23 - 2014-05-08 11:27 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1400175448546 2014-05-08 11:23 - 2014-05-08 11:27 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1400175448546 2014-05-08 11:23 - 2014-05-08 11:27 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-05-08 11:23 - 2014-05-08 11:27 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-05-08 11:23 - 2014-05-08 11:27 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2014-05-08 11:23 - 2014-05-08 11:27 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-05-08 11:23 - 2014-05-08 11:27 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-05-08 11:23 - 2014-05-08 11:23 - 00409832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1399541033 2014-05-08 11:23 - 2014-05-08 11:23 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-05-08 11:23 - 2014-05-08 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-05-08 11:23 - 2014-05-08 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-05-08 11:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-05-08 11:22 - 2014-05-16 00:34 - 00000000 ____D () C:\Program Files\Avast 2014-05-07 22:11 - 2014-05-07 22:11 - 00000085 _____ () C:\WINDOWS\wininit.ini 2014-05-07 21:01 - 2014-05-07 21:01 - 00001228 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. 
Resource Center.lnk 2014-05-07 18:24 - 2014-05-07 18:24 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-05-07 18:23 - 2014-05-14 18:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate 2014-05-07 18:23 - 2014-05-07 18:23 - 00003626 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8620 2014-05-07 18:23 - 2014-05-07 18:23 - 00000984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk 2014-05-07 18:23 - 2014-05-07 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-05-07 18:23 - 2013-09-11 08:07 - 00762400 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM7012.dll 2014-05-07 18:22 - 2014-05-07 18:23 - 00000000 ____D () C:\Program Files (x86)\HP 2014-05-07 18:22 - 2014-05-07 18:22 - 00000000 ____D () C:\ProgramData\HP 2014-05-07 18:21 - 2014-05-07 18:21 - 00000057 _____ () C:\ProgramData\Ament.ini 2014-05-07 18:21 - 2014-05-07 18:21 - 00000000 ____D () C:\Program Files\HP 2014-05-07 18:20 - 2014-05-11 23:35 - 00000000 ____D () C:\Users\User\AppData\Local\HP 2014-05-07 13:26 - 2014-05-07 13:26 - 04908421 _____ () C:\Users\User\Downloads\page-speed.xpi 2014-05-06 17:28 - 2014-05-06 17:28 - 00000000 ____D () C:\schenkwerk 2014-05-05 15:44 - 2014-05-05 15:44 - 00055668 _____ () C:\Users\User\Downloads\pip-Win_1.6 (1).exe 2014-05-05 03:22 - 2014-05-05 03:22 - 00000000 ____D () C:\WINDOWS\Microsoft Antimalware 2014-05-04 20:13 - 2014-05-16 00:42 - 00000000 ____D () C:\Users\User\Desktop\Trojanerboard 2014-05-04 17:52 - 2014-05-16 00:42 - 00000000 ____D () C:\FRST 2014-05-04 17:49 - 2014-05-04 17:49 - 00000000 _____ () C:\Users\User\defogger_reenable 2014-05-04 16:35 - 2014-05-04 16:35 - 00870424 _____ (Microsoft Corporation) C:\Users\User\Downloads\mssstool64.exe 2014-05-04 16:22 - 2014-05-04 16:22 - 01313617 _____ () C:\Users\User\Downloads\adwcleaner.exe 2014-05-04 15:57 - 2014-05-04 16:07 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-05-04 
15:51 - 2014-05-04 15:51 - 26747104 _____ (Microsoft Corporation) C:\Users\User\Downloads\Windows-KB890830-x64-V5.11.exe 2014-05-04 15:46 - 2014-05-04 15:51 - 00000000 ____D () C:\Users\User\Downloads\TDSSKiller 2014-05-04 15:46 - 2014-05-04 15:46 - 04143997 _____ () C:\Users\User\Downloads\tdsskiller (1).zip 2014-05-04 15:45 - 2014-05-04 15:45 - 04143997 _____ () C:\Users\User\Downloads\tdsskiller.zip 2014-05-04 15:45 - 2014-05-04 15:45 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe 2014-05-04 12:47 - 2014-05-04 12:47 - 20089041 _____ () C:\Users\User\Downloads\nirsoft_package_1.18.56.zip 2014-05-04 12:16 - 2014-05-04 12:16 - 00000000 ____D () C:\Users\User\Documents\ProcAlyzer Dumps 2014-05-04 12:11 - 2014-05-04 12:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\LavasoftStatistics 2014-05-04 11:45 - 2014-05-04 11:45 - 01727624 _____ () C:\Users\User\Downloads\Adaware_Installer_11.1.5354.exe 2014-05-04 11:45 - 2014-05-04 11:45 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-05-04 11:00 - 2014-05-04 11:01 - 00000000 ____D () C:\Program Files (x86)\Integrated Camera 2014-04-30 18:23 - 2014-04-30 18:23 - 00000000 ____D () C:\Python 2014-04-30 18:21 - 2014-04-30 18:21 - 00055668 _____ () C:\Users\User\Downloads\pip-Win_1.6.exe 2014-04-30 18:11 - 2014-05-05 15:04 - 00000000 ____D () C:\Python27 2014-04-30 17:23 - 2014-04-30 17:23 - 00445199 _____ () C:\Users\User\Downloads\pip-1.4.1 (1).tar.gz 2014-04-30 17:05 - 2014-04-30 17:05 - 07327755 _____ () C:\Users\User\Downloads\pywin32-218.win-amd64-py2.7.exe 2014-04-30 17:05 - 2012-10-27 16:34 - 00008704 _____ () C:\WINDOWS\system32\pythoncomloader27.dll 2014-04-30 17:05 - 2012-10-27 16:29 - 00503808 _____ () C:\WINDOWS\system32\pythoncom27.dll 2014-04-30 17:05 - 2012-10-27 16:27 - 00137728 _____ () C:\WINDOWS\system32\pywintypes27.dll 2014-04-30 17:01 - 2014-04-30 17:01 - 00000951 _____ () C:\Users\User\Downloads\README (1).txt 2014-04-30 16:57 - 2014-04-30 16:57 - 00000951 _____ () 
C:\Users\User\Downloads\README.txt 2014-04-30 16:22 - 2014-04-30 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 2014-04-29 20:52 - 2014-04-29 20:52 - 00844148 _____ () C:\WINDOWS\system32\setuptools-3.4.4.zip 2014-04-29 19:44 - 2014-04-29 19:44 - 00844148 _____ () C:\Users\User\setuptools-3.4.4.zip 2014-04-29 19:25 - 2014-04-29 19:25 - 00000000 ____D () C:\Users\User\Downloads\pip-1.4.1.tar 2014-04-29 18:50 - 2014-04-29 18:51 - 00844148 _____ () C:\Users\User\Downloads\setuptools-3.4.4.zip 2014-04-29 17:35 - 2014-04-29 17:35 - 16420864 _____ () C:\Users\User\Downloads\python-2.7.3.amd64.msi 2014-04-29 01:05 - 2014-05-11 12:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\MusicBee 2014-04-29 01:05 - 2014-04-29 01:05 - 00001030 _____ () C:\Users\Lenovo\Desktop\MusicBee.lnk 2014-04-29 01:05 - 2014-04-29 01:05 - 00001030 _____ () C:\Users\Guest\Desktop\MusicBee.lnk 2014-04-29 01:05 - 2014-04-29 01:05 - 00001030 _____ () C:\Users\Administrator\Desktop\MusicBee.lnk 2014-04-29 01:05 - 2014-04-29 01:05 - 00000000 ____D () C:\Users\User\Downloads\MusicBeeSetup_2_3 2014-04-29 01:05 - 2014-04-29 01:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee 2014-04-29 01:05 - 2014-04-29 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee 2014-04-29 01:05 - 2014-04-29 01:05 - 00000000 ____D () C:\Program Files (x86)\MusicBee 2014-04-29 01:04 - 2014-04-29 01:05 - 15842223 _____ () C:\Users\User\Downloads\MusicBeeSetup_2_3.zip 2014-04-29 00:31 - 2014-04-29 00:31 - 00344414 _____ () C:\Users\User\Downloads\foo_simplaylist_manager.zip 2014-04-29 00:31 - 2014-04-29 00:31 - 00000000 ____D () C:\Users\User\Downloads\foo_simplaylist_manager 2014-04-29 00:24 - 2014-04-29 00:24 - 00106257 _____ () C:\Users\User\Downloads\foo_playcount.fb2k-component 2014-04-29 00:22 - 2014-04-29 00:22 - 00000000 ____D () C:\Users\User\Downloads\foo_quicktag 2014-04-29 00:21 - 
2014-04-29 00:21 - 00100155 _____ () C:\Users\User\Downloads\foo_quicktag.zip 2014-04-28 01:04 - 2014-04-28 01:05 - 00000000 ____D () C:\Users\User\Downloads\foo_ui_columns-0.3.8.8 2014-04-28 01:04 - 2014-04-28 01:04 - 00568086 _____ () C:\Users\User\Downloads\foo_ui_columns-0.3.8.8.7z 2014-04-28 00:23 - 2014-04-28 00:23 - 00323403 _____ (Holger Stenger) C:\Users\User\Downloads\foo_comserver2-0.7-setup (1).exe 2014-04-28 00:07 - 2014-04-28 00:07 - 00323403 _____ (Holger Stenger) C:\Users\User\Downloads\foo_comserver2-0.7-setup.exe 2014-04-28 00:06 - 2014-04-28 00:06 - 00000000 ____D () C:\Users\User\AppData\Local\AlbumArtDownloader 2014-04-28 00:05 - 2014-04-28 00:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Album Art Downloader 2014-04-28 00:05 - 2014-04-28 00:05 - 00000000 ____D () C:\Program Files\AlbumArtDownloader 2014-04-28 00:03 - 2014-04-28 00:03 - 00896213 _____ () C:\Users\User\Downloads\AlbumArtDownloaderXUI-1.01.exe 2014-04-27 23:55 - 2014-05-07 10:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\foobar2000 2014-04-27 23:55 - 2014-04-28 00:09 - 00000000 ____D () C:\Program Files (x86)\foobar2000 2014-04-27 23:55 - 2014-04-27 23:55 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk 2014-04-27 23:54 - 2014-04-27 23:54 - 03767984 _____ (foobar2000.org) C:\Users\User\Downloads\foobar2000_v1.3.2.exe 2014-04-27 22:03 - 2014-05-11 12:51 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mp3tag 2014-04-25 12:02 - 2014-05-16 00:36 - 00000000 ___RD () C:\Users\User\Mediencenter 2014-04-25 12:00 - 2014-04-25 12:00 - 00001198 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediencenter.lnk 2014-04-25 12:00 - 2014-04-25 12:00 - 00000000 ____D () C:\Users\User\AppData\Local\Telekom 2014-04-25 11:59 - 2014-04-25 11:59 - 02573688 _____ () C:\Users\User\Downloads\mediencenter_pc_sync.exe 2014-04-25 11:59 - 2014-04-25 11:59 - 00000000 ____D () 
C:\Users\User\AppData\Roaming\Telekom 2014-04-23 19:35 - 2014-04-23 19:35 - 00000000 ____D () C:\Users\User\AppData\Local\.distlib 2014-04-23 19:22 - 2014-04-23 19:22 - 01563245 _____ () C:\Users\User\Downloads\get-pip.py 2014-04-23 16:02 - 2014-04-23 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2014-04-23 16:02 - 2014-04-23 16:02 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2014-04-23 15:55 - 2014-04-23 15:56 - 02638704 _____ () C:\Users\User\Downloads\mp3tagv259asetup.exe 2014-04-23 15:37 - 2014-04-23 15:37 - 00000000 ____D () C:\Users\User\Downloads\django-zurb-foundation-5.1.1.tar 2014-04-23 15:32 - 2014-04-23 15:32 - 00148360 _____ () C:\Users\User\Downloads\foundation-latest.zip 2014-04-23 15:25 - 2014-04-23 15:25 - 00299362 _____ () C:\Users\User\Downloads\django-zurb-foundation-5.1.1.tar.gz 2014-04-23 14:42 - 2014-04-23 14:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager 2014-04-23 14:41 - 2014-04-23 14:41 - 00884672 _____ (Google Inc.) 
C:\Users\User\Downloads\musicmanagerinstaller.exe 2014-04-23 01:01 - 2014-04-23 01:01 - 00001048 _____ () C:\Users\User\Desktop\Biet-O-Matic.lnk 2014-04-23 00:59 - 2014-04-23 01:01 - 00000000 ____D () C:\Program Files (x86)\Biet-O-Matic 2014-04-23 00:59 - 2014-04-23 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic 2014-04-23 00:59 - 2003-01-07 02:22 - 00015873 _____ () C:\WINDOWS\SysWOW64\Inetde.dll 2014-04-23 00:59 - 2000-12-05 23:00 - 00109248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Mswinsck.ocx 2014-04-23 00:59 - 2000-10-01 23:00 - 00125712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vb6de.dll 2014-04-23 00:59 - 2000-05-22 15:58 - 00115920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinet.ocx 2014-04-23 00:59 - 2000-05-21 23:00 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Mscomctl.ocx 2014-04-23 00:59 - 2000-04-03 19:06 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winskde.dll 2014-04-23 00:59 - 2000-04-03 19:05 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msstdfmt.dll 2014-04-23 00:59 - 1999-07-14 13:07 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdftde.dll 2014-04-23 00:59 - 1998-07-05 23:00 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Mscmcde.dll 2014-04-23 00:59 - 1998-07-05 23:00 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Tabctde.dll 2014-04-23 00:59 - 1998-06-23 23:00 - 00209192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Tabctl32.ocx 2014-04-23 00:57 - 2014-04-23 00:57 - 04653537 _____ () C:\Users\User\Downloads\BOM21412_setup.exe 2014-04-21 17:49 - 2014-04-21 17:49 - 00000000 ____D () C:\Users\User\Downloads\Django-1.4.5.tar 2014-04-21 17:47 - 2014-04-21 17:47 - 07735582 _____ () C:\Users\User\Downloads\Django-1.4.5.tar.gz 2014-04-21 17:19 - 2014-04-21 17:19 - 00000000 ____D () C:\Users\User\Downloads\__MACOSX 2014-04-21 17:18 - 2014-04-21 17:18 - 00846200 _____ () 
C:\Users\User\Downloads\Git_Cheat_Sheet_all.zip 2014-04-21 12:28 - 2014-04-21 12:28 - 00000000 ____D () C:\Users\User\Downloads\Django-1.6.2.tar 2014-04-21 12:13 - 2014-04-21 12:13 - 06615116 _____ () C:\Users\User\Downloads\Django-1.6.2.tar.gz 2014-04-21 00:28 - 2014-04-21 00:28 - 00972594 _____ () C:\Users\User\Downloads\pycrypto-2.6.win32-py2.7.exe 2014-04-21 00:21 - 2014-04-21 00:21 - 00000000 ____D () C:\Users\User\Downloads\pycrypto-2.6.1.tar 2014-04-21 00:20 - 2014-04-21 00:20 - 00446240 _____ () C:\Users\User\Downloads\pycrypto-2.6.1.tar.gz 2014-04-21 00:11 - 2014-04-21 00:11 - 00987143 _____ () C:\Users\User\Downloads\MySQL-python-1.2.5.win32-py2.7.exe 2014-04-20 18:23 - 2014-04-21 00:31 - 00000000 ____D () C:\Program Files (x86)\Python27 2014-04-20 18:18 - 2014-04-20 18:22 - 15867904 _____ () C:\Users\User\Downloads\python-2.7.3.msi 2014-04-19 00:04 - 2014-04-19 00:04 - 00000000 ____D () C:\ProgramData\McAfee 2014-04-18 21:09 - 2014-05-04 11:54 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-18 21:09 - 2014-04-18 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-18 21:07 - 2014-04-18 21:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004 (2).exe 2014-04-18 21:06 - 2014-04-18 21:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-04-18 21:05 - 2014-04-18 21:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-18 21:02 - 2014-04-18 21:02 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer (3).exe 2014-04-18 21:02 - 2014-04-18 21:02 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer (2).exe 2014-04-18 21:02 - 2014-04-18 21:02 - 00707664 _____ (iS3, Inc.) 
C:\Users\User\Downloads\SZSetup_AID10121_AV (2).exe 2014-04-18 21:01 - 2014-04-18 21:01 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer (1).exe 2014-04-18 21:01 - 2014-04-18 21:01 - 00707664 _____ (iS3, Inc.) C:\Users\User\Downloads\SZSetup_AID10121_AV (1).exe 2014-04-18 19:38 - 2014-04-18 19:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer.exe 2014-04-18 19:38 - 2014-04-18 19:38 - 00707664 _____ (iS3, Inc.) C:\Users\User\Downloads\SZSetup_AID10121_AV.exe ==================== One Month Modified Files and Folders ======= 2014-05-16 00:42 - 2014-05-04 20:13 - 00000000 ____D () C:\Users\User\Desktop\Trojanerboard 2014-05-16 00:42 - 2014-05-04 17:52 - 00000000 ____D () C:\FRST 2014-05-16 00:41 - 2013-10-17 22:30 - 00000000 __RDO () C:\Users\User\SkyDrive 2014-05-16 00:41 - 2013-10-17 22:19 - 01477454 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-16 00:41 - 2013-10-17 22:13 - 00043257 _____ () C:\WINDOWS\system32\lvcoinst.log 2014-05-16 00:41 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-16 00:41 - 2013-08-07 23:14 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-16 00:41 - 2013-05-24 16:03 - 00904634 _____ () C:\WINDOWS\system32\perfh007.dat 2014-05-16 00:41 - 2013-05-24 16:03 - 00194308 _____ () C:\WINDOWS\system32\perfc007.dat 2014-05-16 00:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-05-16 00:40 - 2013-08-07 23:33 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-272428205-3716622950-2856836198-1004 2014-05-16 00:36 - 2014-04-25 12:02 - 00000000 ___RD () C:\Users\User\Mediencenter 2014-05-16 00:36 - 2013-08-08 00:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2014-05-16 00:35 - 2013-12-31 00:59 - 00000000 ___RD () C:\Users\User\Google Drive Business 2014-05-16 00:35 - 2013-08-22 16:44 - 00369904 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 
2014-05-16 00:34 - 2014-05-08 11:22 - 00000000 ____D () C:\Program Files\Avast 2014-05-16 00:33 - 2013-08-26 22:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\KeePass 2014-05-16 00:25 - 2014-03-26 23:35 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-05-16 00:20 - 2013-12-16 19:55 - 00001152 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-272428205-3716622950-2856836198-1004UA.job 2014-05-16 00:13 - 2014-05-13 11:46 - 00000000 ____D () C:\Users\User\younited 2014-05-16 00:06 - 2014-05-16 00:06 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-05-16 00:00 - 2014-05-16 00:00 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-05-16 00:00 - 2013-08-08 00:56 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-05-15 23:46 - 2013-08-07 23:14 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-15 21:11 - 2014-05-15 21:10 - 04540729 _____ () C:\Users\User\Downloads\Dokumente_Schenkwerk.zip 2014-05-15 20:20 - 2013-12-16 19:55 - 00001100 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-272428205-3716622950-2856836198-1004Core.job 2014-05-15 19:41 - 2013-09-30 06:04 - 01974020 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-05-15 19:37 - 2014-05-08 11:27 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2014-05-15 19:37 - 2014-05-08 11:23 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2014-05-15 19:37 - 2014-05-08 11:23 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2014-05-15 13:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-05-15 10:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-15 10:31 - 2014-02-06 18:30 - 00000000 ____D () C:\Users\User\AppData\Local\Aptana Studio 3 2014-05-15 09:53 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-15 09:53 - 2013-08-22 17:36 - 00000000 ____D () 
C:\WINDOWS\WinStore 2014-05-15 09:46 - 2013-10-17 22:15 - 00000000 ____D () C:\Users\User 2014-05-15 09:46 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-05-15 09:46 - 2013-08-08 00:16 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-15 09:46 - 2013-08-07 22:56 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-14 18:49 - 2014-05-07 18:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\HpUpdate 2014-05-14 17:23 - 2014-05-14 17:23 - 00000000 ____D () C:\Users\User\Downloads\mailchimp-2.0.7.tar 2014-05-14 17:22 - 2014-05-14 17:22 - 00041581 _____ () C:\Users\User\Downloads\mailchimp-2.0.7.tar.gz 2014-05-14 15:51 - 2014-05-14 15:30 - 00000000 ____D () C:\Users\User\Downloads\mcapi2-python-examples-master 2014-05-14 15:29 - 2014-05-14 15:29 - 00034137 _____ () C:\Users\User\Downloads\mcapi2-python-examples-master.zip 2014-05-14 11:09 - 2014-05-14 11:09 - 00064556 _____ () C:\Users\User\Downloads\mcapi-simple-subscribe.zip 2014-05-13 20:25 - 2014-03-26 23:35 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-05-13 14:18 - 2013-10-25 15:35 - 00963584 ___SH () C:\Users\User\Desktop\Thumbs.db 2014-05-13 11:47 - 2014-05-13 11:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\F-Secure 2014-05-13 11:47 - 2014-05-13 11:47 - 00000000 ____D () C:\ProgramData\F-Secure 2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\younited 2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Users\User\AppData\Local\F-Secure 2014-05-13 11:46 - 2013-08-07 22:13 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-13 11:45 - 2014-05-13 11:45 - 29075280 _____ (F-Secure Corporation) C:\Users\User\Downloads\younited.exe 2014-05-13 10:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-05-13 09:51 - 2014-05-10 22:23 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Firefox 2014-05-13 09:47 - 2014-05-13 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer 2014-05-13 09:47 - 2014-05-13 09:47 - 00000000 ____D () C:\Program Files\PDFXChange 2014-05-13 09:46 - 2014-05-13 09:46 - 16587248 _____ (Tracker Software Products Ltd ) C:\Users\User\Downloads\PDFX142Vwer.exe 2014-05-12 13:00 - 2014-05-12 13:00 - 00007715 _____ () C:\Users\User\AppData\Local\recently-used.xbel 2014-05-12 12:41 - 2014-05-08 11:25 - 00004152 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2014-05-11 23:35 - 2014-05-07 18:20 - 00000000 ____D () C:\Users\User\AppData\Local\HP 2014-05-11 12:51 - 2014-04-27 22:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mp3tag 2014-05-11 12:42 - 2014-04-29 01:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\MusicBee 2014-05-11 12:32 - 2014-03-21 12:14 - 00000000 ____D () C:\Program Files (x86)\wscc2.2.1.5 2014-05-11 12:24 - 2013-09-09 12:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-11 12:23 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-10 21:50 - 2013-09-10 11:36 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-05-09 20:50 - 2014-05-09 20:33 - 00000000 ____D () C:\Users\User\Desktop\Tippspiel 2014-05-09 20:45 - 2014-03-13 12:38 - 00000000 ____D () C:\Users\User\Documents\Ausbildung 2014-05-09 20:45 - 2014-01-12 17:37 - 00378880 ___SH () C:\Users\User\Downloads\Thumbs.db 2014-05-09 12:44 - 2014-05-09 12:40 - 00000000 ____D () C:\Program Files (x86)\Inkscape 2014-05-09 12:43 - 2014-05-09 12:43 - 00001074 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk 2014-05-09 12:43 - 2014-05-09 12:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\inkscape 2014-05-09 12:23 - 2014-05-09 12:22 - 34702513 _____ (inkscape.org) C:\Users\User\Downloads\inkscape-0.48.4-1-win32.exe 2014-05-09 11:51 - 2014-05-09 11:51 - 00000000 ____D () 
C:\Users\User\Downloads\cs_manager 2014-05-09 11:50 - 2014-05-09 11:50 - 00788430 _____ () C:\Users\User\Downloads\cs_manager.zip 2014-05-09 11:50 - 2014-05-09 11:50 - 00000810 _____ () C:\Users\User\Downloads\_Gruppe_.svg 2014-05-09 09:48 - 2014-03-23 01:44 - 00361530 _____ () C:\WINDOWS\PFRO.log 2014-05-09 00:57 - 2014-05-09 00:56 - 00000000 ____D () C:\ProgramData\Acronis 2014-05-09 00:56 - 2014-05-09 00:56 - 01464096 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tdrpman.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 01120032 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00367200 _____ (Acronis) C:\WINDOWS\system32\Drivers\afcdp.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00269600 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\snapman.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00198432 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\tib_mounter.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00116000 _____ (Acronis International GmbH) C:\WINDOWS\system32\Drivers\fltsrv.sys 2014-05-09 00:56 - 2014-05-09 00:56 - 00001228 _____ () C:\Users\Public\Desktop\Acronis True Image 2014.lnk 2014-05-09 00:56 - 2014-05-09 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis 2014-05-09 00:56 - 2014-05-09 00:56 - 00000000 ____D () C:\Program Files (x86)\Acronis 2014-05-09 00:05 - 2014-05-09 00:01 - 00000000 ____D () C:\Users\User\Desktop\Acronis True Image 2014 - 3PCs Family Pack (Download) 2014-05-08 22:33 - 2014-03-21 12:16 - 00007669 _____ () C:\WINDOWS\setupact.log 2014-05-08 19:50 - 2013-11-10 16:17 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-08 19:49 - 2014-05-08 19:49 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-05-08 19:49 - 2014-05-08 19:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-05-08 19:49 - 2014-05-08 19:49 - 00175016 _____ (Oracle Corporation) 
C:\WINDOWS\SysWOW64\java.exe 2014-05-08 19:49 - 2014-05-08 19:49 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-05-08 19:49 - 2014-05-08 19:49 - 00000000 ____D () C:\Program Files (x86)\Java 2014-05-08 19:32 - 2014-05-08 19:33 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-05-08 19:32 - 2014-05-08 19:33 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-05-08 19:32 - 2014-05-08 19:33 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-05-08 19:32 - 2014-05-08 19:33 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2014-05-08 19:32 - 2014-05-08 19:32 - 00000000 ____D () C:\Program Files\Java 2014-05-08 19:32 - 2014-05-08 19:31 - 29164456 _____ (Oracle Corporation) C:\Users\User\Downloads\jre-7u55-windows-i586.exe 2014-05-08 19:13 - 2014-05-08 19:12 - 39187992 _____ (Foxit Corporation ) C:\Users\User\Downloads\FoxitReader620.0429_enu_Setup.exe 2014-05-08 19:11 - 2014-05-08 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-05-08 19:11 - 2014-05-08 19:11 - 00000000 ____D () C:\Program Files\7-Zip 2014-05-08 15:41 - 2014-05-08 15:34 - 00002255 _____ () C:\Users\User\.kdiff3rc 2014-05-08 15:33 - 2014-05-08 15:33 - 00000000 ____D () C:\Program Files\KDiff3 2014-05-08 15:32 - 2014-05-08 15:31 - 10126581 _____ () C:\Users\User\Downloads\KDiff3-64bit-Setup_0.9.97.exe 2014-05-08 11:27 - 2014-05-08 11:27 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-05-08 11:27 - 2014-05-08 11:27 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2014-05-08 11:27 - 2014-05-08 11:23 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1400175448546 2014-05-08 11:27 - 2014-05-08 11:23 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1400175448546 2014-05-08 11:27 - 2014-05-08 11:23 - 00334648 _____ (AVAST Software) 
C:\WINDOWS\system32\aswBoot.exe 2014-05-08 11:27 - 2014-05-08 11:23 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-05-08 11:27 - 2014-05-08 11:23 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2014-05-08 11:27 - 2014-05-08 11:23 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-05-08 11:27 - 2014-05-08 11:23 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-05-08 11:24 - 2014-05-08 11:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software 2014-05-08 11:23 - 2014-05-08 11:23 - 00409832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1399541033 2014-05-08 11:23 - 2014-05-08 11:23 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-05-08 11:23 - 2014-05-08 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-05-08 11:23 - 2014-05-08 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-05-08 11:23 - 2014-02-25 20:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-08 11:23 - 2014-02-25 20:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-08 11:21 - 2013-10-20 22:27 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-05-08 10:55 - 2014-03-13 10:27 - 00007598 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2014-05-07 22:11 - 2014-05-07 22:11 - 00000085 _____ () C:\WINDOWS\wininit.ini 2014-05-07 21:01 - 2014-05-07 21:01 - 00001228 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\I.R.I.S. 
Resource Center.lnk 2014-05-07 20:15 - 2013-12-16 19:55 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-272428205-3716622950-2856836198-1004UA 2014-05-07 20:15 - 2013-12-16 19:55 - 00003722 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-272428205-3716622950-2856836198-1004Core 2014-05-07 18:24 - 2014-05-07 18:24 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-05-07 18:23 - 2014-05-07 18:23 - 00003626 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8620 2014-05-07 18:23 - 2014-05-07 18:23 - 00000984 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk 2014-05-07 18:23 - 2014-05-07 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-05-07 18:23 - 2014-05-07 18:22 - 00000000 ____D () C:\Program Files (x86)\HP 2014-05-07 18:22 - 2014-05-07 18:22 - 00000000 ____D () C:\ProgramData\HP 2014-05-07 18:21 - 2014-05-07 18:21 - 00000057 _____ () C:\ProgramData\Ament.ini 2014-05-07 18:21 - 2014-05-07 18:21 - 00000000 ____D () C:\Program Files\HP 2014-05-07 13:26 - 2014-05-07 13:26 - 04908421 _____ () C:\Users\User\Downloads\page-speed.xpi 2014-05-07 12:07 - 2014-02-05 15:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\npm-cache 2014-05-07 12:07 - 2014-02-05 15:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\npm 2014-05-07 10:26 - 2014-04-27 23:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\foobar2000 2014-05-06 17:28 - 2014-05-06 17:28 - 00000000 ____D () C:\schenkwerk 2014-05-06 06:40 - 2014-05-14 22:39 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-06 05:25 - 2014-05-14 22:39 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-06 05:00 - 2014-05-14 22:39 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 22:39 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 
2014-05-06 00:47 - 2013-08-08 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-05-06 00:41 - 2013-08-07 23:14 - 00004108 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-06 00:41 - 2013-08-07 23:14 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-05 15:44 - 2014-05-05 15:44 - 00055668 _____ () C:\Users\User\Downloads\pip-Win_1.6 (1).exe 2014-05-05 15:04 - 2014-04-30 18:11 - 00000000 ____D () C:\Python27 2014-05-05 03:22 - 2014-05-05 03:22 - 00000000 ____D () C:\WINDOWS\Microsoft Antimalware 2014-05-04 17:49 - 2014-05-04 17:49 - 00000000 _____ () C:\Users\User\defogger_reenable 2014-05-04 17:32 - 2013-08-07 22:19 - 00002982 _____ () C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements 2014-05-04 17:31 - 2013-08-14 08:17 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2014-05-04 17:31 - 2013-08-14 08:17 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2014-05-04 17:31 - 2013-08-14 08:17 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2014-05-04 17:31 - 2013-08-14 08:17 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2014-05-04 17:31 - 2013-08-14 08:17 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2014-05-04 17:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp 2014-05-04 17:16 - 2014-03-22 00:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Spotify 2014-05-04 16:40 - 2014-02-12 21:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent 2014-05-04 16:35 - 2014-05-04 16:35 - 00870424 _____ (Microsoft Corporation) C:\Users\User\Downloads\mssstool64.exe 2014-05-04 16:22 - 2014-05-04 16:22 - 01313617 _____ () C:\Users\User\Downloads\adwcleaner.exe 2014-05-04 16:07 - 2014-05-04 15:57 - 00000000 ____D () 
C:\ProgramData\HitmanPro 2014-05-04 15:51 - 2014-05-04 15:51 - 26747104 _____ (Microsoft Corporation) C:\Users\User\Downloads\Windows-KB890830-x64-V5.11.exe 2014-05-04 15:51 - 2014-05-04 15:46 - 00000000 ____D () C:\Users\User\Downloads\TDSSKiller 2014-05-04 15:46 - 2014-05-04 15:46 - 04143997 _____ () C:\Users\User\Downloads\tdsskiller (1).zip 2014-05-04 15:45 - 2014-05-04 15:45 - 04143997 _____ () C:\Users\User\Downloads\tdsskiller.zip 2014-05-04 15:45 - 2014-05-04 15:45 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe 2014-05-04 14:26 - 2013-08-08 00:01 - 00002960 _____ () C:\WINDOWS\System32\Tasks\PMTask 2014-05-04 14:21 - 2013-07-01 10:59 - 00000000 ____D () C:\Users\User\Documents\Backup 2014-05-04 14:18 - 2013-05-24 06:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo 2014-05-04 14:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration 2014-05-04 12:47 - 2014-05-04 12:47 - 20089041 _____ () C:\Users\User\Downloads\nirsoft_package_1.18.56.zip 2014-05-04 12:16 - 2014-05-04 12:16 - 00000000 ____D () C:\Users\User\Documents\ProcAlyzer Dumps 2014-05-04 12:11 - 2014-05-04 12:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\LavasoftStatistics 2014-05-04 11:54 - 2014-04-18 21:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-04 11:45 - 2014-05-04 11:45 - 01727624 _____ () C:\Users\User\Downloads\Adaware_Installer_11.1.5354.exe 2014-05-04 11:45 - 2014-05-04 11:45 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-05-04 11:01 - 2014-05-04 11:00 - 00000000 ____D () C:\Program Files (x86)\Integrated Camera 2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-30 18:23 - 2014-04-30 18:23 - 00000000 ____D () C:\Python 2014-04-30 18:21 - 2014-04-30 18:21 - 00055668 _____ () 
C:\Users\User\Downloads\pip-Win_1.6.exe 2014-04-30 18:11 - 2014-04-30 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 2014-04-30 17:23 - 2014-04-30 17:23 - 00445199 _____ () C:\Users\User\Downloads\pip-1.4.1 (1).tar.gz 2014-04-30 17:05 - 2014-04-30 17:05 - 07327755 _____ () C:\Users\User\Downloads\pywin32-218.win-amd64-py2.7.exe 2014-04-30 17:01 - 2014-04-30 17:01 - 00000951 _____ () C:\Users\User\Downloads\README (1).txt 2014-04-30 16:57 - 2014-04-30 16:57 - 00000951 _____ () C:\Users\User\Downloads\README.txt 2014-04-30 15:16 - 2013-09-09 12:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla 2014-04-30 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp 2014-04-29 20:52 - 2014-04-29 20:52 - 00844148 _____ () C:\WINDOWS\system32\setuptools-3.4.4.zip 2014-04-29 19:44 - 2014-04-29 19:44 - 00844148 _____ () C:\Users\User\setuptools-3.4.4.zip 2014-04-29 19:25 - 2014-04-29 19:25 - 00000000 ____D () C:\Users\User\Downloads\pip-1.4.1.tar 2014-04-29 18:51 - 2014-04-29 18:50 - 00844148 _____ () C:\Users\User\Downloads\setuptools-3.4.4.zip 2014-04-29 17:35 - 2014-04-29 17:35 - 16420864 _____ () C:\Users\User\Downloads\python-2.7.3.amd64.msi 2014-04-29 01:05 - 2014-04-29 01:05 - 00001030 _____ () C:\Users\Lenovo\Desktop\MusicBee.lnk 2014-04-29 01:05 - 2014-04-29 01:05 - 00001030 _____ () C:\Users\Guest\Desktop\MusicBee.lnk 2014-04-29 01:05 - 2014-04-29 01:05 - 00001030 _____ () C:\Users\Administrator\Desktop\MusicBee.lnk 2014-04-29 01:05 - 2014-04-29 01:05 - 00000000 ____D () C:\Users\User\Downloads\MusicBeeSetup_2_3 2014-04-29 01:05 - 2014-04-29 01:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee 2014-04-29 01:05 - 2014-04-29 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee 2014-04-29 01:05 - 2014-04-29 01:05 - 00000000 ____D () C:\Program Files (x86)\MusicBee 2014-04-29 01:05 - 2014-04-29 01:04 - 15842223 _____ () 
C:\Users\User\Downloads\MusicBeeSetup_2_3.zip 2014-04-29 00:31 - 2014-04-29 00:31 - 00344414 _____ () C:\Users\User\Downloads\foo_simplaylist_manager.zip 2014-04-29 00:31 - 2014-04-29 00:31 - 00000000 ____D () C:\Users\User\Downloads\foo_simplaylist_manager 2014-04-29 00:24 - 2014-04-29 00:24 - 00106257 _____ () C:\Users\User\Downloads\foo_playcount.fb2k-component 2014-04-29 00:22 - 2014-04-29 00:22 - 00000000 ____D () C:\Users\User\Downloads\foo_quicktag 2014-04-29 00:21 - 2014-04-29 00:21 - 00100155 _____ () C:\Users\User\Downloads\foo_quicktag.zip 2014-04-28 01:05 - 2014-04-28 01:04 - 00000000 ____D () C:\Users\User\Downloads\foo_ui_columns-0.3.8.8 2014-04-28 01:04 - 2014-04-28 01:04 - 00568086 _____ () C:\Users\User\Downloads\foo_ui_columns-0.3.8.8.7z 2014-04-28 00:23 - 2014-04-28 00:23 - 00323403 _____ (Holger Stenger) C:\Users\User\Downloads\foo_comserver2-0.7-setup (1).exe 2014-04-28 00:09 - 2014-04-27 23:55 - 00000000 ____D () C:\Program Files (x86)\foobar2000 2014-04-28 00:07 - 2014-04-28 00:07 - 00323403 _____ (Holger Stenger) C:\Users\User\Downloads\foo_comserver2-0.7-setup.exe 2014-04-28 00:06 - 2014-04-28 00:06 - 00000000 ____D () C:\Users\User\AppData\Local\AlbumArtDownloader 2014-04-28 00:06 - 2014-04-28 00:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Album Art Downloader 2014-04-28 00:05 - 2014-04-28 00:05 - 00000000 ____D () C:\Program Files\AlbumArtDownloader 2014-04-28 00:03 - 2014-04-28 00:03 - 00896213 _____ () C:\Users\User\Downloads\AlbumArtDownloaderXUI-1.01.exe 2014-04-27 23:55 - 2014-04-27 23:55 - 00001136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk 2014-04-27 23:54 - 2014-04-27 23:54 - 03767984 _____ (foobar2000.org) C:\Users\User\Downloads\foobar2000_v1.3.2.exe 2014-04-27 18:31 - 2011-09-27 21:37 - 00000000 ____D () C:\Users\User\Documents\Steuerfälle 2014-04-25 12:00 - 2014-04-25 12:00 - 00001198 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Mediencenter.lnk 2014-04-25 12:00 - 2014-04-25 12:00 - 00000000 ____D () C:\Users\User\AppData\Local\Telekom 2014-04-25 11:59 - 2014-04-25 11:59 - 02573688 _____ () C:\Users\User\Downloads\mediencenter_pc_sync.exe 2014-04-25 11:59 - 2014-04-25 11:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Telekom 2014-04-24 19:41 - 2013-08-26 22:42 - 00000000 ___RD () C:\Users\User\Dropbox 2014-04-24 19:41 - 2013-08-26 22:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox 2014-04-23 19:35 - 2014-04-23 19:35 - 00000000 ____D () C:\Users\User\AppData\Local\.distlib 2014-04-23 19:22 - 2014-04-23 19:22 - 01563245 _____ () C:\Users\User\Downloads\get-pip.py 2014-04-23 16:02 - 2014-04-23 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2014-04-23 16:02 - 2014-04-23 16:02 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2014-04-23 15:56 - 2014-04-23 15:55 - 02638704 _____ () C:\Users\User\Downloads\mp3tagv259asetup.exe 2014-04-23 15:37 - 2014-04-23 15:37 - 00000000 ____D () C:\Users\User\Downloads\django-zurb-foundation-5.1.1.tar 2014-04-23 15:32 - 2014-04-23 15:32 - 00148360 _____ () C:\Users\User\Downloads\foundation-latest.zip 2014-04-23 15:25 - 2014-04-23 15:25 - 00299362 _____ () C:\Users\User\Downloads\django-zurb-foundation-5.1.1.tar.gz 2014-04-23 14:42 - 2014-04-23 14:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager 2014-04-23 14:42 - 2013-08-07 23:14 - 00000000 ____D () C:\Users\User\AppData\Local\Google 2014-04-23 14:41 - 2014-04-23 14:41 - 00884672 _____ (Google Inc.) 
C:\Users\User\Downloads\musicmanagerinstaller.exe 2014-04-23 01:01 - 2014-04-23 01:01 - 00001048 _____ () C:\Users\User\Desktop\Biet-O-Matic.lnk 2014-04-23 01:01 - 2014-04-23 00:59 - 00000000 ____D () C:\Program Files (x86)\Biet-O-Matic 2014-04-23 00:59 - 2014-04-23 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic 2014-04-23 00:57 - 2014-04-23 00:57 - 04653537 _____ () C:\Users\User\Downloads\BOM21412_setup.exe 2014-04-22 17:31 - 2013-08-27 15:36 - 00000000 ____D () C:\Users\User\Entwicklung 2014-04-22 11:03 - 2014-03-12 22:41 - 00000146 _____ () C:\WINDOWS\launchpw.cmd 2014-04-22 11:02 - 2014-03-12 22:40 - 00001577 _____ () C:\WINDOWS\Delfg.cmd 2014-04-22 11:02 - 2014-03-12 22:40 - 00000006 _____ () C:\WINDOWS\systemtype.txt 2014-04-22 11:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help 2014-04-22 11:02 - 2013-05-24 06:23 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2014-04-22 11:02 - 2013-05-24 06:23 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2014-04-22 11:02 - 2011-06-11 01:15 - 05522768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc100u.dll 2014-04-21 17:49 - 2014-04-21 17:49 - 00000000 ____D () C:\Users\User\Downloads\Django-1.4.5.tar 2014-04-21 17:47 - 2014-04-21 17:47 - 07735582 _____ () C:\Users\User\Downloads\Django-1.4.5.tar.gz 2014-04-21 17:19 - 2014-04-21 17:19 - 00000000 ____D () C:\Users\User\Downloads\__MACOSX 2014-04-21 17:18 - 2014-04-21 17:18 - 00846200 _____ () C:\Users\User\Downloads\Git_Cheat_Sheet_all.zip 2014-04-21 12:28 - 2014-04-21 12:28 - 00000000 ____D () C:\Users\User\Downloads\Django-1.6.2.tar 2014-04-21 12:13 - 2014-04-21 12:13 - 06615116 _____ () C:\Users\User\Downloads\Django-1.6.2.tar.gz 2014-04-21 00:31 - 2014-04-20 18:23 - 00000000 ____D () C:\Program Files (x86)\Python27 2014-04-21 00:28 - 2014-04-21 00:28 - 00972594 _____ () C:\Users\User\Downloads\pycrypto-2.6.win32-py2.7.exe 2014-04-21 00:21 - 
2014-04-21 00:21 - 00000000 ____D () C:\Users\User\Downloads\pycrypto-2.6.1.tar 2014-04-21 00:20 - 2014-04-21 00:20 - 00446240 _____ () C:\Users\User\Downloads\pycrypto-2.6.1.tar.gz 2014-04-21 00:11 - 2014-04-21 00:11 - 00987143 _____ () C:\Users\User\Downloads\MySQL-python-1.2.5.win32-py2.7.exe 2014-04-20 18:22 - 2014-04-20 18:18 - 15867904 _____ () C:\Users\User\Downloads\python-2.7.3.msi 2014-04-19 00:30 - 2013-08-07 22:27 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2014-04-19 00:04 - 2014-04-19 00:04 - 00000000 ____D () C:\ProgramData\McAfee 2014-04-18 21:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\addins 2014-04-18 21:09 - 2014-04-18 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-18 21:07 - 2014-04-18 21:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004 (2).exe 2014-04-18 21:06 - 2014-04-18 21:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004 (1).exe 2014-04-18 21:06 - 2014-04-18 21:05 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-18 21:02 - 2014-04-18 21:02 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer (3).exe 2014-04-18 21:02 - 2014-04-18 21:02 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer (2).exe 2014-04-18 21:02 - 2014-04-18 21:02 - 00707664 _____ (iS3, Inc.) C:\Users\User\Downloads\SZSetup_AID10121_AV (2).exe 2014-04-18 21:01 - 2014-04-18 21:01 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer (1).exe 2014-04-18 21:01 - 2014-04-18 21:01 - 00707664 _____ (iS3, Inc.) C:\Users\User\Downloads\SZSetup_AID10121_AV (1).exe 2014-04-18 19:38 - 2014-04-18 19:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer.exe 2014-04-18 19:38 - 2014-04-18 19:38 - 00707664 _____ (iS3, Inc.) 
C:\Users\User\Downloads\SZSetup_AID10121_AV.exe

Files to move or delete:
====================
C:\ProgramData\Lenovo-1186.vbs

Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\ICReinstall_ZipSetup.exe
C:\Users\User\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\User\AppData\Local\Temp\Foxit Updater.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-15 19:58

==================== End Of Log ============================
|
16.05.2014, 12:58 | #12 |
/// the machine /// TB trainer | Quote:
So even with a clean boot the load is still there?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
18.05.2014, 13:50 | #13 |
| hxxp://127.0.0.1:8000 is the local server for testing websites I have built. However, it is not started at boot. Even with a clean boot, the load from the "DsmSvc" service stays constant at the same level. Best regards, Norbert |
19.05.2014, 09:34 | #14 |
/// the machine /// TB trainer | Do a refresh of 8.1, or of 8 if you upgraded to 8.1.
__________________ Regards, schrauber |
19.05.2014, 10:33 | #15 |
| I had hoped I could avoid a refresh or anything similar. Right now I have neither the time nor the nerves to reinstall all my programs, but I will probably have to do it at some point when the opportunity arises. For now I will simply disable the "DsmSvc" service and hope that this does not cause me other problems. At the moment everything seems to run smoothly without it. Thanks again for your help anyway. Regards, Norbert |