| |
| |||||||
Log-Analyse und Auswertung: ThinkPad plötzlich extrem langsam geworden - Ursachen unbekanntWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.06.2013, 10:37
| #1 |
 |  ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Hallo, ich habe den Lenovo ThinkPad E530 (ca. 8 Monate alt). - Prozessor: Intel (R) Core (TM) i5-3210M CPU @ 2.50GHz 2.50GHz - Arbeitsspeicher: 16 GB - WIN 7 (64bit), Service Pack 1 Der Laptop lief bis vor ein paar Tagen super. WIN Firewall, Spybot und AVG Virenscanner waren immer aktiv. Nachdem ich Back-up machen wollte (externe Festplatte), ist der Laptop auf einmal extrem langsam geworden. Z.B. beim Surfen (Firefox), Emails öffnen (Thunderbird), Dokumente öffnen/schließen, Explorer usw. Es gibt aber auch wieder Phasen wo der PC normal funktioniert. Manchmal stockt der Rechner auch ein bis zwei Sekunden. Habe mir viele Foren durchgelesen und folgendes gemacht: 1. Festplatte gesäubert/bereinigt 2. AVG Virenscanner ersetzt durch Antivirus (kompletten Scan durchgeführt, kein Fund bis auf ein verstecktes Objekt) 3. Spybot kompletter Scan 4. CCleaner (Cleaner und Registry verwendet und alles bereinigt) 5. Alle Festplatten defragmentiert Dennoch ist der Laptop immer noch phasenweise wirklich langsam und stockt. Hat sich also nichts verändert. Woran kann das liegen? Ich wäre für eure Hilfe sehr dankbar, da der PC mein Arbeitsgerät ist. LG, Daniel PS: Hier die Log files: OTL OTL logfile created on: 22.06.2013 22:17:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,60 Gb Total Physical Memory | 13,27 Gb Available Physical Memory | 85,07% Memory free 31,21 Gb Paging File | 28,73 Gb Available in Paging File | 92,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 235,91 Gb Total Space | 153,83 Gb Free Space | 65,21% Space Free | Partition Type: NTFS Drive E: | 210,81 Gb Total Space | 140,18 Gb Free Space | 66,50% Space Free | Partition Type: NTFS Drive Q: | 17,58 Gb Total Space | 4,82 Gb Free Space | 27,43% Space Free | Partition Type: NTFS Computer Name: DANIEL-THINK | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.22 22:15:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.12 14:59:15 | 000,155,488 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe PRC - [2012.06.01 20:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe PRC - [2012.06.01 20:49:00 | 000,290,160 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe PRC - [2012.06.01 20:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2012.06.01 20:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe PRC - [2012.05.15 23:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE PRC - [2012.04.23 15:03:52 | 000,046,816 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe PRC - [2012.04.13 18:06:42 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.03.27 08:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.03.27 08:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012.03.27 08:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.03.27 08:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2012.03.07 00:49:18 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.03.07 00:49:16 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.03.07 00:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.03.07 00:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2012.01.25 09:44:56 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe PRC - [2011.12.29 12:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2011.01.07 12:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe PRC - [2010.08.31 14:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.02.10 09:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.07.12 14:59:16 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll MOD - [2012.07.12 14:59:16 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll MOD - [2012.07.12 14:59:16 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll MOD - [2012.07.12 14:59:15 | 000,891,392 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll MOD - [2012.07.12 14:59:15 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll MOD - [2012.07.12 14:59:15 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll MOD - [2012.07.12 14:59:15 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll MOD - [2012.07.12 14:59:15 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ServiceManagerStarter.dll MOD - [2012.07.12 14:59:15 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll MOD - [2012.07.12 14:59:15 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll MOD - [2012.07.12 14:59:14 | 002,281,984 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll MOD - [2012.07.12 14:59:14 | 000,446,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\DeviceProfile.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.06.08 17:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:64bit: - [2012.04.11 09:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2011.12.28 22:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.12 15:20:55 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.26 17:53:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.08.27 13:32:34 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Daniel\AppData\Local\Temp\7zS5A00\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2012.06.25 08:19:50 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.06.01 20:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM) SRV - [2012.06.01 20:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV - [2012.06.01 20:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV - [2012.05.29 15:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc) SRV - [2012.05.15 23:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc) SRV - [2012.05.15 23:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2012.04.23 15:03:52 | 000,046,816 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (Intel(R) SRV - [2012.03.27 08:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.03.27 08:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012.03.27 08:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.03.07 00:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.03.07 00:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.03.07 00:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.03.07 00:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012.02.26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.02.26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.02.26 05:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.02.26 05:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.01.17 16:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService) SRV - [2012.01.09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.12.29 12:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011.07.12 09:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 09:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.01.07 12:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService) SRV - [2010.08.31 14:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.10 09:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.10 12:02:21 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.02 16:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.11.01 22:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012.08.30 21:14:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.15 15:52:37 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.23 22:48:02 | 000,148,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2012.06.25 08:19:38 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.06.21 04:46:46 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.06.19 21:32:20 | 000,431,928 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.06.19 21:32:20 | 000,027,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel) DRV:64bit: - [2012.06.14 17:25:26 | 001,608,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2012.05.15 23:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012.04.13 18:06:42 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.04.13 18:06:42 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.04.13 18:06:42 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.04.11 09:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2012.03.28 13:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2012.03.21 11:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.02.20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.02.13 09:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012.02.13 08:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2012.01.09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.01.09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.12.28 22:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2011.12.26 11:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.12.23 14:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.12.20 17:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.12.20 17:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.12.08 23:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.08 23:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.12.07 18:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd) DRV:64bit: - [2011.11.10 11:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.27 04:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.29 12:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.03.26 16:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.ftp: "46.20.119.251" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "46.20.119.251" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "46.20.119.251" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "46.20.119.251" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 23:21:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 23:21:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.16 14:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2013.06.22 21:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\a5h4ukrt.default\extensions [2013.05.29 11:42:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\a5h4ukrt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.10 10:55:07 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a5h4ukrt.default\extensions\stealthyextension@gmail.com.xpi [2013.06.22 21:53:44 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a5h4ukrt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.03.23 19:56:30 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a5h4ukrt.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013.05.08 23:20:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a5h4ukrt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.26 17:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.05.26 17:53:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012.10.04 18:00:33 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15262 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FEEB0D7-0DEA-4DF0-8037-2793A895C2E9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F798EB68-4EAA-4C4B-9EA3-441D270B44AB}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk Q:\ O33 - MountPoints2\{115083b4-e68d-11e1-8f3e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{115083b4-e68d-11e1-8f3e-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 05:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{2d87b759-0e2a-11e2-984b-685d43f55b03}\Shell - "" = AutoRun O33 - MountPoints2\{2d87b759-0e2a-11e2-984b-685d43f55b03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.21 08:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2013.06.20 11:26:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Avira [2013.06.20 11:24:18 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.20 11:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.20 11:22:32 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.06.20 11:22:32 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.06.20 11:22:32 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.06.20 11:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.06.20 11:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.06.20 10:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.06.20 10:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.06.02 10:37:40 | 000,000,000 | ---D | C] -- C:\Output [2013.06.02 10:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter [2013.06.02 10:22:59 | 000,000,000 | ---D | C] -- C:\MP4ToMP3Converter [2013.05.26 17:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.22 22:17:41 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.22 22:17:41 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.22 22:14:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.22 22:14:35 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.22 22:14:35 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.22 22:14:35 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.22 22:14:35 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.22 22:11:19 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.06.22 22:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.22 22:09:43 | 3975,614,462 | -HS- | M] () -- C:\hiberfil.sys [2013.06.22 22:08:10 | 000,000,020 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2013.06.22 22:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.22 14:40:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.22 14:40:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.21 15:45:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.06.20 13:05:27 | 000,023,232 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20130620_130518.reg [2013.06.20 11:24:04 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.20 11:22:40 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.20 11:01:59 | 000,112,730 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20130620_110146.reg [2013.06.20 10:58:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.22 22:08:06 | 000,000,020 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2013.06.22 14:40:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.22 14:40:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.20 13:05:23 | 000,023,232 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20130620_130518.reg [2013.06.20 11:22:40 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.20 11:01:53 | 000,112,730 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20130620_110146.reg [2013.06.20 10:58:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.10 12:13:40 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat [2012.10.24 10:05:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.10.24 10:03:49 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.10.04 17:53:54 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.10.04 15:37:10 | 000,009,959 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\AbsoluteReminder.xml [2012.10.04 15:36:38 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.08.15 06:04:00 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.08.15 06:03:58 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.08.15 06:03:56 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.08.15 06:03:55 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.08 11:26:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Audacity [2012.11.23 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon [2012.12.27 11:22:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ChessBase [2013.05.08 11:56:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DMCache [2013.03.07 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\elsterformular [2012.10.04 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FileOpen [2012.10.04 15:40:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2012.10.04 17:37:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Lenovo [2013.01.07 18:26:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Lingo4u [2012.10.04 15:46:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LSC [2012.10.04 18:34:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Nitro PDF [2013.02.28 23:16:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Notepad++ [2012.10.04 15:48:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PwrMgr [2012.10.16 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird [2012.10.04 17:29:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Extra: OTL Extras logfile created on: 22.06.2013 22:17:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,60 Gb Total Physical Memory | 13,27 Gb Available Physical Memory | 85,07% Memory free 31,21 Gb Paging File | 28,73 Gb Available in Paging File | 92,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 235,91 Gb Total Space | 153,83 Gb Free Space | 65,21% Space Free | Partition Type: NTFS Drive E: | 210,81 Gb Total Space | 140,18 Gb Free Space | 66,50% Space Free | Partition Type: NTFS Drive Q: | 17,58 Gb Total Space | 4,82 Gb Free Space | 27,43% Space Free | Partition Type: NTFS Computer Name: Daniel-THINK | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02306830-1C76-4779-AE34-3F8A9C1D0505}" = rport=137 | protocol=17 | dir=out | app=system | "{0991D40D-34B9-4C3D-92C8-B1FEF9CAE18C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{0CDE7048-DAF4-49C7-B09D-3A712B04BD53}" = rport=139 | protocol=6 | dir=out | app=system | "{15D4FD1E-4616-41AB-A768-22F742ABEDA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{264ADCAA-C58C-471A-BDC0-C8CBF391B57C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{26A23069-60A8-4B9D-BDCF-E32A91F3C427}" = rport=138 | protocol=17 | dir=out | app=system | "{5B928FBB-BA1E-4B1E-9209-8C841F3A6958}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{644661F8-6607-4A99-AC92-6B8394057077}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6A62B521-C777-49FC-9CAF-740ECEB721D8}" = lport=138 | protocol=17 | dir=in | app=system | "{9806B4E7-16F2-492D-B455-63467F0957D0}" = rport=445 | protocol=6 | dir=out | app=system | "{A016709D-8AA8-4398-9925-8743B3B3A672}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A5E267DA-08AF-4EF6-B579-11DCF55C3487}" = lport=445 | protocol=6 | dir=in | app=system | "{CBA6D5FD-0476-49A6-B9D5-35A93D5CF435}" = lport=139 | protocol=6 | dir=in | app=system | "{DB5E9C2A-11E5-48BB-A1AC-0D995B39C62B}" = lport=137 | protocol=17 | dir=in | app=system | "{EE3EA639-273B-4B62-A7F9-43A53E76E63D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F45455F-53AD-4A0D-81A6-71B20CD7233E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{19C52551-80B5-46E5-883E-948920D54DA0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{2520E4D8-4A11-496F-B903-E3DA75515D2F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2699893C-2152-4C4D-8C65-9C5AD26DA5A1}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{2FA87385-66A4-472C-8F4F-5F0252D464DE}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{51E6E418-F7EC-444D-934E-D280C1D34702}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{59866A63-D26E-477C-ADB8-40A5D5EBA82F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5C01926A-2FB2-4774-AD10-2CBC6762D788}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{605488A9-5A0D-483F-A4D4-70A32D01DA18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{76A63905-E8B9-4BB8-B71D-F1D629C2388B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7BF85E2A-718C-4C34-BC5B-F5A028E6F462}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9B437A01-9638-431E-9DB6-CA669E3CBEFC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9D326026-0562-4B50-9BFC-D3D4A1E4340F}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{AA03BE3C-34B3-4778-8B8F-821B1CAB2835}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B0AFD8DB-7A88-4728-8272-2017007CA685}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B96AAD79-0558-4408-8DBC-36FC95E643F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BCE91EA4-787B-4641-8C56-55BBAFA32EDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0E5F8F2-4C13-42F1-9EBB-A50AD76F86D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C74921D5-D691-42D9-9B5E-571CB3D6C435}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{CDB3FC8C-6043-4014-AC0E-5A23A0B51C58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D45F0B2F-DC2C-4535-A2B2-5DC91CE1A70F}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{D95E727F-95DF-401B-A2ED-2B0C9FC3E1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{D98F169F-37D8-41B5-B2B7-102470C9BDD1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E3788A55-D85B-4C24-AF25-95E2F6E48C11}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F546E7CE-9C0A-4A20-A183-40BC1CFF8544}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FEC56BB1-6ECC-40B9-985A-D5C9B5CB2D7C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "TCP Query User{14744E25-2223-4487-9E83-04C79CE3C305}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{5BBA2407-644C-47DE-98D9-896143F7FC2E}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe | "TCP Query User{AFE712F0-2B48-45C2-A519-D86A696EB3DD}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe | "UDP Query User{4CF2FBBE-D96F-498C-9C2E-5B3F06E7D816}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{5E94E9E3-EF8E-461C-8115-ECDD1AAF1215}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe | "UDP Query User{C4B1AA08-CC3C-4A2B-A212-DE29C3B7E887}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot Shield "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center "{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap "{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center "{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Defraggler" = Defraggler "FD2ED46D31CE7DF190049D079E92DE03D347A634" = Windows-Treiberpaket - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = Lenovo Power Management Driver "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = ThinkPad UltraNav Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25 "{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{5B5DEF99-85E9-423D-A1A3-B83202697B09}" = Lenovo Solutions for Small Business Customizations "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business "{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe "{DF1EB918-CCDB-495D-9E5B-973F38BF33DA}" = Schriften von Ellen G. White "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EDF3EEF2-F0B9-440B-B8B9-A61F2DA8C78A}" = fortePivot "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FF162784-CFFE-4193-AE24-7FC476812ABE}" = OneKey Recovery Pro "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0.2 "Avira AntiVir Desktop" = Avira Free Antivirus "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "ElsterFormular" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fastboot" = RapidBoot HDD Accelerator "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "Intel AppUp(SM) center 33057" = Intel AppUp(SM) center "LingoDict_is1" = LingoDict 2.1.1 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4 "Root_Deploy_0" = Root CA sta-net "SopCast" = SopCast 3.5.0 "SugarSync" = SugarSync Manager "VLC media player" = VLC media player 2.0.3 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.06.2013 06:34:37 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 21.06.2013 06:34:37 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8814 Error - 21.06.2013 06:34:37 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8814 Error - 22.06.2013 02:48:28 | Computer Name = Daniel-THINK | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 07:22:46 | Computer Name = Daniel-THINK | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 14:25:52 | Computer Name = Daniel-THINK | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 14:46:57 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 22.06.2013 14:46:57 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15709 Error - 22.06.2013 14:46:57 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15709 Error - 22.06.2013 16:10:17 | Computer Name = Daniel-THINK | Source = WinMgmt | ID = 10 Description = [ Lenovo-Lenovo Patch Utility/Admin Events ] Error - 27.05.2013 03:57:56 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = no manifest found on server in auto mode return code:17 Error - 28.05.2013 02:07:48 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. Error - 28.05.2013 02:07:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 1 Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpuupdates/x64//BATTERY.MANIFEST.XML". Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 28.05.2013 02:07:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = manifest file was not found on server Error - 28.05.2013 02:07:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = no manifest found on server in auto mode return code:17 Error - 28.05.2013 11:57:51 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. Error - 28.05.2013 11:57:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 1 Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpuupdates/x64//BATTERY.MANIFEST.XML". Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 28.05.2013 11:57:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = manifest file was not found on server Error - 28.05.2013 11:57:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = no manifest found on server in auto mode return code:17 Error - 30.05.2013 03:00:26 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. [ System Events ] Error - 22.06.2013 02:50:40 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 22.06.2013 07:22:42 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde mit folgendem Fehler beendet: %%-2147196306 Error - 22.06.2013 07:22:47 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht. Error - 22.06.2013 07:24:57 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 22.06.2013 07:24:57 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 22.06.2013 08:39:43 | Computer Name = Daniel-THINK | Source = DCOM | ID = 10010 Description = Error - 22.06.2013 14:28:11 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 22.06.2013 14:28:11 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 22.06.2013 16:12:39 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 22.06.2013 16:12:39 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > Gmer: GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-23 10:32:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MC10 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\kwloapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000006e951b41 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000006e951be8 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000006e951c20 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000006e951cd2 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000006e951cf2 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000746411a8 2 bytes [64, 74] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000746413a8 2 bytes [64, 74] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074641422 2 bytes [64, 74] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074641498 2 bytes [64, 74] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000006e951b41 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000006e951be8 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000006e951c20 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000006e951cd2 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000006e951cf2 2 bytes [95, 6E] .text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3716] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3716] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43f55b03 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43f55b03 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
|
23.06.2013, 16:27
| #2 |
| /// the machine /// TB-Ausbilder    | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
|
23.06.2013, 18:49
| #3 |
| | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Hey,
__________________danke für die Antwort! Hier die Daten, die du brauchst... LG, Daniel FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by Daniel (administrator) on 23-06-2013 19:44:04
Running from C:\Users\Daniel\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [TpShocks] TpShocks.exe [222720 2012-08-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [196608 2004-04-17] (InstallShield Software Corporation)
MountPoints2: {115083b4-e68d-11e1-8f3e-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {2d87b759-0e2a-11e2-984b-685d43f55b03} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-03-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-13] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [5941344 2012-05-15] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60 [4243168 2012-04-23] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo)
HKU\Default\...\RunOnce: [] [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo)
HKU\Default User\...\RunOnce: [] [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-08-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-08-30] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default
FF user.js: detected! => C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\user.js
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "ftp", "46.20.119.251"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "46.20.119.251"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "46.20.119.251"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "46.20.119.251"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: stealthyextension - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 HPSLPSVC; C:\Users\Daniel\AppData\Local\Temp\7zS5A00\hpslpsvc64.dll [1039360 2012-08-27] (Hewlett-Packard Co.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-07] ()
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [46816 2012-04-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-07] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2012-02-06] (Lenovo Group Limited)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-02-20] (Intel Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-26] (Lenovo Group Limited)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-03-10] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-23 19:43 - 2013-06-23 19:43 - 00000000 ____D C:\FRST
2013-06-23 19:42 - 2013-06-23 19:42 - 01931364 ____A (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2013-06-23 19:26 - 2013-06-23 19:26 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-23 11:17 - 2013-06-23 11:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00002040 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\ProgramData\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-23 11:11 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-23 11:11 - 2013-02-26 16:56 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-23 11:11 - 2013-02-26 16:56 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-23 10:50 - 2013-06-23 10:50 - 00725840 ____A C:\Windows\Minidump\062313-18127-01.dmp
2013-06-23 10:32 - 2013-06-23 10:32 - 00007788 ____A C:\Users\Daniel\Desktop\Gmer.log
2013-06-23 10:05 - 2013-06-22 22:08 - 00000584 ____A C:\Users\Daniel\Desktop\defogger_disable.log
2013-06-22 23:31 - 2013-06-23 10:50 - 1081222749 ____A C:\Windows\MEMORY.DMP
2013-06-22 23:31 - 2013-06-22 23:31 - 00291208 ____A C:\Windows\Minidump\062213-22292-01.dmp
2013-06-22 22:56 - 2013-06-22 22:56 - 00377856 ____A C:\Users\Daniel\Desktop\gmer_2.1.19163.exe
2013-06-22 22:26 - 2013-06-22 22:33 - 00104650 ____A C:\Users\Daniel\Desktop\OTL.Txt
2013-06-22 22:26 - 2013-06-22 22:31 - 00069354 ____A C:\Users\Daniel\Desktop\Extras.Txt
2013-06-22 22:24 - 2013-06-22 22:24 - 00069360 ____A C:\Users\Daniel\Downloads\Extras.Txt
2013-06-22 22:23 - 2013-06-22 22:23 - 00104656 ____A C:\Users\Daniel\Downloads\OTL.Txt
2013-06-22 22:15 - 2013-06-22 22:15 - 00602112 ____A (OldTimer Tools) C:\Users\Daniel\Downloads\OTL.exe
2013-06-22 22:08 - 2013-06-22 22:08 - 00000584 ____A C:\Users\Daniel\Downloads\defogger_disable.log
2013-06-22 22:08 - 2013-06-22 22:08 - 00000020 ____A C:\Users\Daniel\defogger_reenable
2013-06-22 22:04 - 2013-06-22 22:04 - 00050477 ____A C:\Users\Daniel\Downloads\Defogger.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-22 14:39 - 2013-06-22 14:46 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-21 08:21 - 2013-06-21 08:21 - 00000000 ____D C:\Program Files\Defraggler
2013-06-21 08:07 - 2013-06-21 08:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-21 08:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 08:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 08:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 08:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-20 22:19 - 2013-06-23 19:25 - 00190366 ____A C:\Windows\PFRO.log
2013-06-20 22:19 - 2013-06-23 19:25 - 00000504 ____A C:\Windows\setupact.log
2013-06-20 22:19 - 2013-06-20 22:19 - 00000000 ____A C:\Windows\setuperr.log
2013-06-20 13:05 - 2013-06-20 13:05 - 00023232 ____A C:\Users\Daniel\Documents\cc_20130620_130518.reg
2013-06-20 11:35 - 2013-06-20 11:35 - 03839648 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\dfsetup214.exe
2013-06-20 11:07 - 2013-06-20 11:08 - 102323272 ____A C:\Users\Daniel\Downloads\avira_free3640_antivirus_de.exe
2013-06-20 11:01 - 2013-06-20 11:01 - 00112730 ____A C:\Users\Daniel\Documents\cc_20130620_110146.reg
2013-06-20 10:58 - 2013-06-20 10:58 - 00000832 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-20 10:58 - 2013-06-20 10:58 - 00000000 ____D C:\Program Files\CCleaner
2013-06-20 10:57 - 2013-06-20 10:57 - 03340088 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\ccsetup402_slim.exe
2013-06-12 07:33 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:33 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:33 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:33 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 07:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 07:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 07:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 07:33 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 07:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 07:33 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 07:33 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 07:33 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:33 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:33 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 07:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 07:33 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 07:33 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 07:33 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-02 10:37 - 2013-06-02 10:56 - 00000000 ____D C:\Output
2013-06-02 10:22 - 2013-06-02 10:22 - 00000000 ____D C:\MP4ToMP3Converter
2013-05-26 17:53 - 2013-05-26 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-06-23 19:43 - 2013-06-23 19:43 - 00000000 ____D C:\FRST
2013-06-23 19:42 - 2013-06-23 19:42 - 01931364 ____A (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2013-06-23 19:32 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-23 19:32 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-23 19:30 - 2012-08-15 15:48 - 00654166 ____A C:\Windows\System32\perfh007.dat
2013-06-23 19:30 - 2012-08-15 15:48 - 00130006 ____A C:\Windows\System32\perfc007.dat
2013-06-23 19:30 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-23 19:26 - 2013-06-23 19:26 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-23 19:26 - 2012-08-15 06:03 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-06-23 19:25 - 2013-06-20 22:19 - 00190366 ____A C:\Windows\PFRO.log
2013-06-23 19:25 - 2013-06-20 22:19 - 00000504 ____A C:\Windows\setupact.log
2013-06-23 19:25 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-23 14:27 - 2012-08-15 06:01 - 01833550 ____A C:\Windows\WindowsUpdate.log
2013-06-23 14:08 - 2012-10-20 22:41 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 13:18 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-23 13:14 - 2012-10-17 22:32 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-06-23 11:17 - 2013-06-23 11:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00002040 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\ProgramData\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-23 10:50 - 2013-06-23 10:50 - 00725840 ____A C:\Windows\Minidump\062313-18127-01.dmp
2013-06-23 10:50 - 2013-06-22 23:31 - 1081222749 ____A C:\Windows\MEMORY.DMP
2013-06-23 10:50 - 2012-10-29 01:02 - 00000000 ____D C:\Windows\Minidump
2013-06-23 10:32 - 2013-06-23 10:32 - 00007788 ____A C:\Users\Daniel\Desktop\Gmer.log
2013-06-22 23:31 - 2013-06-22 23:31 - 00291208 ____A C:\Windows\Minidump\062213-22292-01.dmp
2013-06-22 23:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-22 23:04 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-22 22:56 - 2013-06-22 22:56 - 00377856 ____A C:\Users\Daniel\Desktop\gmer_2.1.19163.exe
2013-06-22 22:33 - 2013-06-22 22:26 - 00104650 ____A C:\Users\Daniel\Desktop\OTL.Txt
2013-06-22 22:31 - 2013-06-22 22:26 - 00069354 ____A C:\Users\Daniel\Desktop\Extras.Txt
2013-06-22 22:24 - 2013-06-22 22:24 - 00069360 ____A C:\Users\Daniel\Downloads\Extras.Txt
2013-06-22 22:23 - 2013-06-22 22:23 - 00104656 ____A C:\Users\Daniel\Downloads\OTL.Txt
2013-06-22 22:15 - 2013-06-22 22:15 - 00602112 ____A (OldTimer Tools) C:\Users\Daniel\Downloads\OTL.exe
2013-06-22 22:08 - 2013-06-23 10:05 - 00000584 ____A C:\Users\Daniel\Desktop\defogger_disable.log
2013-06-22 22:08 - 2013-06-22 22:08 - 00000584 ____A C:\Users\Daniel\Downloads\defogger_disable.log
2013-06-22 22:08 - 2013-06-22 22:08 - 00000020 ____A C:\Users\Daniel\defogger_reenable
2013-06-22 22:08 - 2012-10-04 15:36 - 00000000 ___HD C:\users\Daniel
2013-06-22 22:04 - 2013-06-22 22:04 - 00050477 ____A C:\Users\Daniel\Downloads\Defogger.exe
2013-06-22 20:26 - 2011-02-24 19:03 - 00000000 ____D C:\Windows\Panther
2013-06-22 20:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-22 14:46 - 2013-06-22 14:39 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-22 14:40 - 2013-06-22 14:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-21 20:33 - 2012-11-05 14:14 - 00014489 ____A C:\Users\Daniel\Desktop\contacts.xlsx
2013-06-21 15:45 - 2012-08-15 06:03 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-06-21 08:21 - 2013-06-21 08:21 - 00000000 ____D C:\Program Files\Defraggler
2013-06-21 08:07 - 2013-06-21 08:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-21 08:07 - 2013-03-26 16:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-20 22:19 - 2013-06-20 22:19 - 00000000 ____A C:\Windows\setuperr.log
2013-06-20 13:05 - 2013-06-20 13:05 - 00023232 ____A C:\Users\Daniel\Documents\cc_20130620_130518.reg
2013-06-20 13:02 - 2012-10-04 17:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-20 11:35 - 2013-06-20 11:35 - 03839648 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\dfsetup214.exe
2013-06-20 11:16 - 2012-10-04 17:20 - 00000000 ____D C:\ProgramData\MFAData
2013-06-20 11:08 - 2013-06-20 11:07 - 102323272 ____A C:\Users\Daniel\Downloads\avira_free3640_antivirus_de.exe
2013-06-20 11:01 - 2013-06-20 11:01 - 00112730 ____A C:\Users\Daniel\Documents\cc_20130620_110146.reg
2013-06-20 10:58 - 2013-06-20 10:58 - 00000832 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-20 10:58 - 2013-06-20 10:58 - 00000000 ____D C:\Program Files\CCleaner
2013-06-20 10:57 - 2013-06-20 10:57 - 03340088 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\ccsetup402_slim.exe
2013-06-19 12:11 - 2012-10-17 22:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2013-06-12 21:48 - 2012-12-20 14:15 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2012-12-20 14:15 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-21 08:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-21 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-21 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-21 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 20:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 15:20 - 2012-10-20 22:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 15:20 - 2012-10-20 22:41 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 07:37 - 2012-10-04 17:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 07:35 - 2012-10-05 10:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 18:33 - 2012-10-30 19:09 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\dvdcss
2013-06-11 13:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-02 11:01 - 2012-10-26 17:37 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-06-02 10:56 - 2013-06-02 10:37 - 00000000 ____D C:\Output
2013-06-02 10:22 - 2013-06-02 10:22 - 00000000 ____D C:\MP4ToMP3Converter
2013-06-02 10:21 - 2013-04-17 14:27 - 00128400 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-05-28 15:49 - 2012-10-04 17:24 - 00000000 ____D C:\Users\Daniel\AppData\Local\Microsoft Help
2013-05-27 09:56 - 2012-10-16 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-26 17:53 - 2013-05-26 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-13 16:54
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2013
Ran by Daniel at 2013-06-23 19:45:23
Running from C:\Users\Daniel\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Anzeige am Bildschirm (Version: 6.72.00)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.2 (x32 Version: 2.0.2)
Avira Free Antivirus (x32 Version: 13.0.0.3640)
Bonjour (Version: 3.0.0.10)
Burn.Now 4.5 (x32 Version: 4.5.0)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MG6200 series MP Drivers
Canon MP Navigator EX 5.0 (x32)
CCleaner (Version: 4.02)
Conexant HD Audio (Version: 8.54.42.0)
Corel Burn.Now Lenovo Edition (x32 Version: 4.5.0)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0)
Corel DVD MovieFactory Lenovo Edition (x32 Version: 7.0.0)
Corel WinDVD (x32 Version: 10.0.6.392)
Create Recovery Media (x32 Version: 1.20.0.00)
D3DX10 (x32 Version: 15.4.2368.0902)
Defraggler (Version: 2.14)
Direct DiscRecorder (x32 Version: 1.00.0000)
ElsterFormular (x32 Version: 14.0.0.10960)
Energie-Manager (x32 Version: 6.32)
Evernote v. 4.2.3 (x32 Version: 4.2.3.15)
fortePivot (x32 Version: 3.06)
Google Earth (x32 Version: 7.0.1.8244)
HP Deskjet 1000 J110 series Hilfe (x32 Version: 140.0.65.65)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (x32 Version: 1.2.1.18)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35342)
Intel(R) Management Engine Components (x32 Version: 8.0.4.1441)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2778)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.1.0153)
Intel(R) Update Manager (x32 Version: 1.0.0.34813)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel(R) WiDi (x32 Version: 3.0.12.0)
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version: 11.0.3.42)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Power Management Driver (Version: 1.65.05.21)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo SimpleTap (Version: 3.2.0004.00)
Lenovo Solution Center (Version: 1.1.007.00)
Lenovo Solutions for Small Business (x32)
Lenovo Solutions for Small Business Customizations (x32 Version: 1.0.0006.00)
Lenovo System Update (x32 Version: 5.02.0011)
Lenovo User Guide (x32 Version: 1.0.0009.00)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.1.0020.00)
LingoDict 2.1.1 (x32 Version: 2.1.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft-Maus- und Tastatur-Center (Version: 2.0.162.0)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
Mozilla Thunderbird 17.0.6 (x86 de) (x32 Version: 17.0.6)
MP4 To MP3 Converter V3.0.4 (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA Grafiktreiber 306.23 (Version: 306.23)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Systemsteuerung 306.23 (Version: 306.23)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OneKey Recovery Pro (x32 Version: 4.50.0009.00)
PDF24 Creator 5.4.0 (x32)
RapidBoot HDD Accelerator (x32 Version: 1.00.0802)
RapidBoot Shield (Version: 1.23)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005)
Root CA sta-net (x32)
Schriften von Ellen G. White (x32 Version: 1.00.0000)
Skype™ 6.3 (x32 Version: 6.3.107)
SopCast 3.5.0 (x32 Version: 3.5.0)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SugarSync Manager (x32 Version: 1.9.61.90905)
SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (x32 Version: v2012.build.53)
ThinkPad UltraNav Driver (Version: 16.1.4.17)
ThinkVantage Communications Utility (Version: 3.0.34.0)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.77.0.8)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.3 (x32 Version: 2.0.3)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) (Version: 11/29/2011 11.0.0.1032)
Windows-Treiberpaket - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) (Version: 01/11/2012 1.65.05.21)
==================== Restore Points =========================
21-06-2013 20:11:59 Windows Update
22-06-2013 06:52:00 Windows Update
22-06-2013 12:39:25 Windows Update
==================== Hosts content: ==========================
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# # # Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2008 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy
# 127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
There are more than 1000 lines starting with "127.0.0.1"
==================== Scheduled Tasks (whitelisted) =============
Task: {127D0B23-E860-46AE-A67F-5165DF2710BB} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2012-05-16] ()
Task: {1389F5F2-C5A2-4A1B-AC76-C5A6E4CAF95D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2012-05-16] ()
Task: {1428EBD7-3F74-42FC-86B8-BFF0AC0395FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {2DF01DF3-6916-4612-ABE4-AA6BA1036D82} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe No File
Task: {30F8F1DC-BB81-4D48-ABB2-6140BF71AB97} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {31872A2A-1372-4CA0-8F3B-E62A3539FBE8} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe No File
Task: {4200F515-0C0A-4040-BF12-A589EBA5EB3F} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe No File
Task: {4B4F890D-B784-4540-B121-26FC08B3EBF7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {5573D960-BCCA-4549-9D8C-59CCEB34AC84} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Daniel-THINK.Daniel => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {5F3651DD-D599-4F4F-9F91-3FA58F5C637D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {6463CD6B-8B9A-4A7F-9198-A19CC39D58A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {69F654B4-47EF-41F0-BABD-5F33BF90F1D6} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-04-11] ()
Task: {76E2FD54-4D67-4FD6-83C6-E06592D5733F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {844DA253-825B-4BD6-9450-C1818D6B7454} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {C8988370-8C52-45EC-8228-A2D25DA503BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {C95E604D-A50D-467B-8689-6FEAD872E8AA} - System32\Tasks\PMTask => C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe [2012-05-15] (Lenovo Group Limited)
Task: {DD410C24-32BA-4A81-8FCE-A157F78FB402} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-05-16] (Lenovo)
Task: {E8D45D77-65B6-486C-9724-01C01E56FB41} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/23/2013 07:25:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/23/2013 10:50:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/23/2013 09:57:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/22/2013 11:31:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/22/2013 10:10:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/22/2013 08:46:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15709
Error: (06/22/2013 08:46:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15709
Error: (06/22/2013 08:46:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/22/2013 08:25:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/22/2013 01:22:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (06/23/2013 07:27:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/23/2013 07:27:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/23/2013 11:12:43 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (06/23/2013 10:52:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/23/2013 10:52:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/23/2013 10:50:13 AM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800d341660, 0xfffff800048083d0)C:\Windows\MEMORY.DMP062313-18127-01
Error: (06/23/2013 10:13:24 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (06/23/2013 10:13:07 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (06/23/2013 10:12:51 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (06/23/2013 10:11:56 AM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 15977.92 MB
Available physical RAM: 13075.64 MB
Total Pagefile: 31954.03 MB
Available Pagefile: 28843.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Festplatte) (Fixed) (Total:235.91 GB) (Free:152.09 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (Daten) (Fixed) (Total:210.81 GB) (Free:140.18 GB) NTFS (Disk=0 Partition=4)
Drive q: (Recovery) (Fixed) (Total:17.58 GB) (Free:4.82 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: E7BB135C)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=236 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=211 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=18 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
23.06.2013, 20:42
| #4 | |
| /// the machine /// TB-Ausbilder | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekanntCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.06.2013, 08:21
| #5 |
| | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Hallo , hier die Infos von Combo Fix... LG, Daniel Code:
ATTFilter ComboFix 13-06-22.01 - Daniel 24.06.2013 8:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.15978.13481 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Daniel\AppData\Local\Temp\7zS5A00\HPSLPSVC64.DLL
Q:\Autorun.inf
.
Infizierte Kopie von c:\windows\SysWow64\user32.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll wurde wiederhergestellt
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-24 bis 2013-06-24 ))))))))))))))))))))))))))))))
.
.
2013-06-24 07:04 . 2013-06-24 07:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-24 07:04 . 2013-06-24 07:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-23 17:43 . 2013-06-23 17:43 -------- d-----w- C:\FRST
2013-06-23 17:26 . 2013-06-23 17:26 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-06-23 09:17 . 2013-06-23 09:17 -------- d-----w- c:\users\Daniel\AppData\Roaming\Avira
2013-06-23 09:11 . 2013-03-06 14:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-06-23 09:11 . 2013-02-26 14:56 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-06-23 09:11 . 2013-02-26 14:56 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-06-23 09:11 . 2013-06-23 09:11 -------- d-----w- c:\programdata\Avira
2013-06-23 09:11 . 2013-06-23 09:11 -------- d-----w- c:\program files (x86)\Avira
2013-06-21 06:21 . 2013-06-21 06:21 -------- d-----w- c:\program files\Defraggler
2013-06-21 06:07 . 2013-06-12 19:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-20 08:58 . 2013-06-20 08:58 -------- d-----w- c:\program files\CCleaner
2013-06-02 08:37 . 2013-06-02 08:56 -------- d-----w- C:\Output
2013-06-02 08:22 . 2013-06-02 08:22 -------- d-----w- C:\MP4ToMP3Converter
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 19:48 . 2012-12-20 12:15 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 19:48 . 2012-12-20 12:15 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 13:20 . 2012-10-20 20:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 13:20 . 2012-10-20 20:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 05:35 . 2012-10-05 08:26 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-10 07:40 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-16 09:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 09:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 09:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 09:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 09:00 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 09:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 08:10 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 09:00 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 09:00 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 08:59 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-04-13 291608]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-15 5941344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-04-23 55520]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-04-23 508256]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
2;2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 13:20]
.
2013-06-24 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2013-06-21 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2013-01-19 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-18 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ------w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ------w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ------w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ------w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-25 440128]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
"TpShocks"="TpShocks.exe" [2012-08-24 222720]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-06-01 290160]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.ftp - 46.20.119.251
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 46.20.119.251
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 46.20.119.251
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 46.20.119.251
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-07 09:31; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - user.js: extensions.autoDisableScopes - 10
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-24 09:12:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-24 07:12
.
Vor Suchlauf: 16 Verzeichnis(se), 162.667.118.592 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 161.998.745.600 Bytes frei
.
- - End Of File - - BC166B45C48EE1D6C1387183F266486A
D41D8CD98F00B204E9800998ECF8427E
|
|
24.06.2013, 10:57
| #6 |
| /// the machine /// TB-Ausbilder | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Log bitte.
__________________ --> ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt |
|
24.06.2013, 11:55
| #7 |
| | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Danke für die Unterstützung bis hierher... Hier die Daten: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 24/06/2013 um 12:28:03 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Daniel - DANIEL-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Daniel\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\Partner
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\Software\InstallIQ
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16618
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\prefs.js
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.aniweather.timeShifted", 1540501);
*************************
AdwCleaner[S1].txt - [1724 octets] - [24/06/2013 12:28:04]
########## EOF - C:\AdwCleaner[S1].txt - [1784 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Daniel on 24.06.2013 at 12:35:42,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\APNSTUB.EXE-644857A5.pf
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{63E4AFC9-FE1E-45A3-995C-978AF1E6562E}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{66FAFCF2-4318-44AC-BFD6-658731E3C8C1}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{789A5766-DC75-456C-8329-BB6B4F6EB927}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{B5CB8652-551D-438C-A793-748AD36497EB}
~~~ FireFox
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a5h4ukrt.default\minidumps [283 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.06.2013 at 12:41:58,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by Daniel (administrator) on 24-06-2013 12:49:27
Running from C:\Users\Daniel\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [TpShocks] TpShocks.exe [222720 2012-08-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [196608 2004-04-17] (InstallShield Software Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-03-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-13] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [5941344 2012-05-15] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60 [4243168 2012-04-23] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo)
HKU\Default\...\RunOnce: [] [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo)
HKU\Default User\...\RunOnce: [] [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-08-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-08-30] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "ftp", "46.20.119.251"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "46.20.119.251"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "46.20.119.251"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "46.20.119.251"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: stealthyextension - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-07] ()
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [46816 2012-04-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-07] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2012-02-06] (Lenovo Group Limited)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-02-20] (Intel Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-26] (Lenovo Group Limited)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-03-10] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-24 12:41 - 2013-06-24 12:45 - 00001266 ____A C:\Users\Daniel\Desktop\JRT.txt
2013-06-24 12:35 - 2013-06-24 12:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-24 12:34 - 2013-06-24 12:34 - 00000000 ____D C:\JRT
2013-06-24 12:32 - 2013-06-24 12:32 - 00001853 ____A C:\Users\Daniel\Desktop\AdwCleaner[S1].txt
2013-06-24 12:28 - 2013-06-24 12:28 - 00001853 ____A C:\AdwCleaner[S1].txt
2013-06-24 12:25 - 2013-06-24 12:25 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Daniel\Downloads\JRT.exe
2013-06-24 12:24 - 2013-06-24 12:24 - 00648201 ____A C:\Users\Daniel\Downloads\adwcleaner.exe
2013-06-24 09:12 - 2013-06-24 09:12 - 00025519 ____A C:\Users\Daniel\Desktop\ComboFix.txt
2013-06-23 23:08 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-23 23:08 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-23 23:08 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-23 23:07 - 2013-06-24 09:12 - 00000000 ___AD C:\Qoobox
2013-06-23 23:06 - 2013-06-24 09:10 - 00000000 ____D C:\Windows\erdnt
2013-06-23 22:52 - 2013-06-23 22:52 - 05082201 ____R (Swearware) C:\Users\Daniel\Downloads\ComboFix.exe
2013-06-23 19:45 - 2013-06-23 19:46 - 00020599 ____A C:\Users\Daniel\Downloads\Addition.txt
2013-06-23 19:43 - 2013-06-23 19:43 - 00000000 ____D C:\FRST
2013-06-23 19:42 - 2013-06-23 19:42 - 01931364 ____A (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2013-06-23 19:26 - 2013-06-23 19:26 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-23 11:17 - 2013-06-23 11:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00002040 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\ProgramData\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-23 11:11 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-23 11:11 - 2013-02-26 16:56 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-23 11:11 - 2013-02-26 16:56 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-23 10:50 - 2013-06-23 10:50 - 00725840 ____A C:\Windows\Minidump\062313-18127-01.dmp
2013-06-23 10:32 - 2013-06-23 10:32 - 00007788 ____A C:\Users\Daniel\Desktop\Gmer.log
2013-06-23 10:05 - 2013-06-22 22:08 - 00000584 ____A C:\Users\Daniel\Desktop\defogger_disable.log
2013-06-22 23:31 - 2013-06-23 10:50 - 1081222749 ____A C:\Windows\MEMORY.DMP
2013-06-22 23:31 - 2013-06-22 23:31 - 00291208 ____A C:\Windows\Minidump\062213-22292-01.dmp
2013-06-22 22:56 - 2013-06-22 22:56 - 00377856 ____A C:\Users\Daniel\Desktop\gmer_2.1.19163.exe
2013-06-22 22:26 - 2013-06-22 22:33 - 00104650 ____A C:\Users\Daniel\Desktop\OTL.Txt
2013-06-22 22:26 - 2013-06-22 22:31 - 00069354 ____A C:\Users\Daniel\Desktop\Extras.Txt
2013-06-22 22:24 - 2013-06-22 22:24 - 00069360 ____A C:\Users\Daniel\Downloads\Extras.Txt
2013-06-22 22:23 - 2013-06-22 22:23 - 00104656 ____A C:\Users\Daniel\Downloads\OTL.Txt
2013-06-22 22:15 - 2013-06-22 22:15 - 00602112 ____A (OldTimer Tools) C:\Users\Daniel\Downloads\OTL.exe
2013-06-22 22:08 - 2013-06-22 22:08 - 00000584 ____A C:\Users\Daniel\Downloads\defogger_disable.log
2013-06-22 22:08 - 2013-06-22 22:08 - 00000020 ____A C:\Users\Daniel\defogger_reenable
2013-06-22 22:04 - 2013-06-22 22:04 - 00050477 ____A C:\Users\Daniel\Downloads\Defogger.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-22 14:39 - 2013-06-22 14:46 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-21 08:21 - 2013-06-21 08:21 - 00000000 ____D C:\Program Files\Defraggler
2013-06-21 08:07 - 2013-06-21 08:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-21 08:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 08:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 08:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 08:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-20 22:19 - 2013-06-24 12:31 - 00000896 ____A C:\Windows\setupact.log
2013-06-20 22:19 - 2013-06-24 09:05 - 00192066 ____A C:\Windows\PFRO.log
2013-06-20 22:19 - 2013-06-20 22:19 - 00000000 ____A C:\Windows\setuperr.log
2013-06-20 13:05 - 2013-06-20 13:05 - 00023232 ____A C:\Users\Daniel\Documents\cc_20130620_130518.reg
2013-06-20 11:35 - 2013-06-20 11:35 - 03839648 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\dfsetup214.exe
2013-06-20 11:07 - 2013-06-20 11:08 - 102323272 ____A C:\Users\Daniel\Downloads\avira_free3640_antivirus_de.exe
2013-06-20 11:01 - 2013-06-20 11:01 - 00112730 ____A C:\Users\Daniel\Documents\cc_20130620_110146.reg
2013-06-20 10:58 - 2013-06-24 12:44 - 00001001 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-20 10:58 - 2013-06-20 10:58 - 00000000 ____D C:\Program Files\CCleaner
2013-06-20 10:57 - 2013-06-20 10:57 - 03340088 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\ccsetup402_slim.exe
2013-06-12 07:33 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:33 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:33 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:33 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 07:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 07:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 07:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 07:33 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 07:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 07:33 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 07:33 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 07:33 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:33 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:33 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 07:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 07:33 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 07:33 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 07:33 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-02 10:37 - 2013-06-02 10:56 - 00000000 ____D C:\Output
2013-06-02 10:22 - 2013-06-02 10:22 - 00000000 ____D C:\MP4ToMP3Converter
2013-05-26 17:53 - 2013-05-26 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-06-24 12:45 - 2013-06-24 12:41 - 00001266 ____A C:\Users\Daniel\Desktop\JRT.txt
2013-06-24 12:44 - 2013-06-20 10:58 - 00001001 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-24 12:44 - 2012-12-08 23:47 - 00128400 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-06-24 12:39 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-24 12:39 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-24 12:36 - 2012-08-15 15:48 - 00654166 ____A C:\Windows\System32\perfh007.dat
2013-06-24 12:36 - 2012-08-15 15:48 - 00130006 ____A C:\Windows\System32\perfc007.dat
2013-06-24 12:36 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-24 12:35 - 2013-06-24 12:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-24 12:34 - 2013-06-24 12:34 - 00000000 ____D C:\JRT
2013-06-24 12:32 - 2013-06-24 12:32 - 00001853 ____A C:\Users\Daniel\Desktop\AdwCleaner[S1].txt
2013-06-24 12:32 - 2012-08-15 06:03 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-06-24 12:31 - 2013-06-20 22:19 - 00000896 ____A C:\Windows\setupact.log
2013-06-24 12:31 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-24 12:30 - 2012-08-15 06:01 - 01928954 ____A C:\Windows\WindowsUpdate.log
2013-06-24 12:28 - 2013-06-24 12:28 - 00001853 ____A C:\AdwCleaner[S1].txt
2013-06-24 12:25 - 2013-06-24 12:25 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Daniel\Downloads\JRT.exe
2013-06-24 12:24 - 2013-06-24 12:24 - 00648201 ____A C:\Users\Daniel\Downloads\adwcleaner.exe
2013-06-24 12:08 - 2012-10-20 22:41 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-24 10:08 - 2012-10-17 22:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2013-06-24 09:12 - 2013-06-24 09:12 - 00025519 ____A C:\Users\Daniel\Desktop\ComboFix.txt
2013-06-24 09:12 - 2013-06-23 23:07 - 00000000 ___AD C:\Qoobox
2013-06-24 09:12 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-24 09:10 - 2013-06-23 23:06 - 00000000 ____D C:\Windows\erdnt
2013-06-24 09:07 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-24 09:05 - 2013-06-20 22:19 - 00192066 ____A C:\Windows\PFRO.log
2013-06-23 22:52 - 2013-06-23 22:52 - 05082201 ____R (Swearware) C:\Users\Daniel\Downloads\ComboFix.exe
2013-06-23 21:07 - 2012-10-26 17:37 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-06-23 19:46 - 2013-06-23 19:45 - 00020599 ____A C:\Users\Daniel\Downloads\Addition.txt
2013-06-23 19:43 - 2013-06-23 19:43 - 00000000 ____D C:\FRST
2013-06-23 19:42 - 2013-06-23 19:42 - 01931364 ____A (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2013-06-23 19:26 - 2013-06-23 19:26 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-23 13:18 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-23 13:14 - 2012-10-17 22:32 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-06-23 11:17 - 2013-06-23 11:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00002040 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\ProgramData\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-23 10:50 - 2013-06-23 10:50 - 00725840 ____A C:\Windows\Minidump\062313-18127-01.dmp
2013-06-23 10:50 - 2013-06-22 23:31 - 1081222749 ____A C:\Windows\MEMORY.DMP
2013-06-23 10:50 - 2012-10-29 01:02 - 00000000 ____D C:\Windows\Minidump
2013-06-23 10:32 - 2013-06-23 10:32 - 00007788 ____A C:\Users\Daniel\Desktop\Gmer.log
2013-06-22 23:31 - 2013-06-22 23:31 - 00291208 ____A C:\Windows\Minidump\062213-22292-01.dmp
2013-06-22 23:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-22 23:04 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-22 22:56 - 2013-06-22 22:56 - 00377856 ____A C:\Users\Daniel\Desktop\gmer_2.1.19163.exe
2013-06-22 22:33 - 2013-06-22 22:26 - 00104650 ____A C:\Users\Daniel\Desktop\OTL.Txt
2013-06-22 22:31 - 2013-06-22 22:26 - 00069354 ____A C:\Users\Daniel\Desktop\Extras.Txt
2013-06-22 22:24 - 2013-06-22 22:24 - 00069360 ____A C:\Users\Daniel\Downloads\Extras.Txt
2013-06-22 22:23 - 2013-06-22 22:23 - 00104656 ____A C:\Users\Daniel\Downloads\OTL.Txt
2013-06-22 22:15 - 2013-06-22 22:15 - 00602112 ____A (OldTimer Tools) C:\Users\Daniel\Downloads\OTL.exe
2013-06-22 22:08 - 2013-06-23 10:05 - 00000584 ____A C:\Users\Daniel\Desktop\defogger_disable.log
2013-06-22 22:08 - 2013-06-22 22:08 - 00000584 ____A C:\Users\Daniel\Downloads\defogger_disable.log
2013-06-22 22:08 - 2013-06-22 22:08 - 00000020 ____A C:\Users\Daniel\defogger_reenable
2013-06-22 22:08 - 2012-10-04 15:36 - 00000000 ___HD C:\users\Daniel
2013-06-22 22:04 - 2013-06-22 22:04 - 00050477 ____A C:\Users\Daniel\Downloads\Defogger.exe
2013-06-22 20:26 - 2011-02-24 19:03 - 00000000 ____D C:\Windows\Panther
2013-06-22 20:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-22 14:46 - 2013-06-22 14:39 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-22 14:40 - 2013-06-22 14:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-21 20:33 - 2012-11-05 14:14 - 00014489 ____A C:\Users\Daniel\Desktop\contacts.xlsx
2013-06-21 15:45 - 2012-08-15 06:03 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-06-21 08:21 - 2013-06-21 08:21 - 00000000 ____D C:\Program Files\Defraggler
2013-06-21 08:07 - 2013-06-21 08:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-21 08:07 - 2013-03-26 16:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-20 22:19 - 2013-06-20 22:19 - 00000000 ____A C:\Windows\setuperr.log
2013-06-20 13:05 - 2013-06-20 13:05 - 00023232 ____A C:\Users\Daniel\Documents\cc_20130620_130518.reg
2013-06-20 13:02 - 2012-10-04 17:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-20 11:35 - 2013-06-20 11:35 - 03839648 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\dfsetup214.exe
2013-06-20 11:16 - 2012-10-04 17:20 - 00000000 ____D C:\ProgramData\MFAData
2013-06-20 11:08 - 2013-06-20 11:07 - 102323272 ____A C:\Users\Daniel\Downloads\avira_free3640_antivirus_de.exe
2013-06-20 11:01 - 2013-06-20 11:01 - 00112730 ____A C:\Users\Daniel\Documents\cc_20130620_110146.reg
2013-06-20 10:58 - 2013-06-20 10:58 - 00000000 ____D C:\Program Files\CCleaner
2013-06-20 10:57 - 2013-06-20 10:57 - 03340088 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\ccsetup402_slim.exe
2013-06-12 21:48 - 2012-12-20 14:15 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2012-12-20 14:15 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-21 08:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-21 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-21 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-21 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 20:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 15:20 - 2012-10-20 22:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 15:20 - 2012-10-20 22:41 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 07:37 - 2012-10-04 17:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 07:35 - 2012-10-05 10:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 18:33 - 2012-10-30 19:09 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\dvdcss
2013-06-11 13:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-02 10:56 - 2013-06-02 10:37 - 00000000 ____D C:\Output
2013-06-02 10:22 - 2013-06-02 10:22 - 00000000 ____D C:\MP4ToMP3Converter
2013-06-02 10:21 - 2013-04-17 14:27 - 00128400 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-05-28 15:49 - 2012-10-04 17:24 - 00000000 ____D C:\Users\Daniel\AppData\Local\Microsoft Help
2013-05-27 09:56 - 2012-10-16 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-26 17:53 - 2013-05-26 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-13 16:54
==================== End Of Log ============================
|
|
24.06.2013, 12:31
| #8 |
| /// the machine /// TB-Ausbilder | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekanntESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Log. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.06.2013, 16:27
| #9 |
| | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Hallo, der Laptop läuft im Großen und Ganzen leider immer noch langsam... Es gibt aber auch kurze Phasen wo er normal läuft?! Hier die Daten: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=27759aed4f9e894489d3e610187ffffc
# engine=14143
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-24 03:11:33
# local_time=2013-06-24 05:11:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 30066 237509983 22854 0
# compatibility_mode=5893 16776574 100 94 22719623 123716543 0 0
# scanned=226112
# found=0
# cleaned=0
# scan_time=11920
Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013
Ran by Daniel (administrator) on 24-06-2013 17:25:12
Running from C:\Users\Daniel\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [TpShocks] TpShocks.exe [222720 2012-08-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2881336 2012-06-19] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2076272 2012-11-02] (Microsoft Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [196608 2004-04-17] (InstallShield Software Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-03-07] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-13] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [5941344 2012-05-15] (Lenovo Group Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60 [4243168 2012-04-23] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-04] (Avira Operations GmbH & Co. KG)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe /show [155960 2012-05-15] (Lenovo)
HKU\Default User\...\RunOnce: [] [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2011-12-15] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-08-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-08-30] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "ftp", "46.20.119.251"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "46.20.119.251"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "46.20.119.251"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "46.20.119.251"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: stealthyextension - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\a5h4ukrt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
R2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [201376 2012-06-08] (Conexant Systems Inc.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-07] ()
R2 Intel(R) Small Business Advantage; C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [46816 2012-04-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-07] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-04-11] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1492280 2012-02-06] (Lenovo Group Limited)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows (R) Win 7 DDK provider)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11471872 2012-02-20] (Intel Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-26] (Lenovo Group Limited)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27448 2012-06-19] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-03-10] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-24 13:48 - 2013-06-24 17:21 - 00890839 ____A C:\Users\Daniel\Downloads\SecurityCheck.exe
2013-06-24 13:47 - 2013-06-24 13:48 - 02347384 ____A (ESET) C:\Users\Daniel\Downloads\esetsmartinstaller_enu.exe
2013-06-24 12:35 - 2013-06-24 12:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-24 12:34 - 2013-06-24 12:34 - 00000000 ____D C:\JRT
2013-06-24 12:28 - 2013-06-24 12:28 - 00001853 ____A C:\AdwCleaner[S1].txt
2013-06-24 12:25 - 2013-06-24 12:25 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Daniel\Downloads\JRT.exe
2013-06-24 12:24 - 2013-06-24 12:24 - 00648201 ____A C:\Users\Daniel\Downloads\adwcleaner.exe
2013-06-23 23:08 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-23 23:08 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-23 23:08 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-23 23:08 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-23 23:07 - 2013-06-24 09:12 - 00000000 ___AD C:\Qoobox
2013-06-23 23:06 - 2013-06-24 09:10 - 00000000 ____D C:\Windows\erdnt
2013-06-23 22:52 - 2013-06-23 22:52 - 05082201 ____R (Swearware) C:\Users\Daniel\Downloads\ComboFix.exe
2013-06-23 19:43 - 2013-06-23 19:43 - 00000000 ____D C:\FRST
2013-06-23 19:42 - 2013-06-23 19:42 - 01931364 ____A (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2013-06-23 19:26 - 2013-06-23 19:26 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-23 11:17 - 2013-06-23 11:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00002040 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\ProgramData\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-23 11:11 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-23 11:11 - 2013-02-26 16:56 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-23 11:11 - 2013-02-26 16:56 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-23 10:50 - 2013-06-23 10:50 - 00725840 ____A C:\Windows\Minidump\062313-18127-01.dmp
2013-06-22 23:31 - 2013-06-23 10:50 - 1081222749 ____A C:\Windows\MEMORY.DMP
2013-06-22 23:31 - 2013-06-22 23:31 - 00291208 ____A C:\Windows\Minidump\062213-22292-01.dmp
2013-06-22 22:56 - 2013-06-22 22:56 - 00377856 ____A C:\Users\Daniel\Downloads\gmer_2.1.19163.exe
2013-06-22 22:15 - 2013-06-22 22:15 - 00602112 ____A (OldTimer Tools) C:\Users\Daniel\Downloads\OTL.exe
2013-06-22 22:08 - 2013-06-22 22:08 - 00000020 ____A C:\Users\Daniel\defogger_reenable
2013-06-22 22:04 - 2013-06-22 22:04 - 00050477 ____A C:\Users\Daniel\Downloads\Defogger.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-22 14:39 - 2013-06-22 14:46 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-21 08:21 - 2013-06-21 08:21 - 00000000 ____D C:\Program Files\Defraggler
2013-06-21 08:07 - 2013-06-21 08:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-21 08:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 08:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 08:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 08:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-20 22:19 - 2013-06-24 12:31 - 00000896 ____A C:\Windows\setupact.log
2013-06-20 22:19 - 2013-06-24 09:05 - 00192066 ____A C:\Windows\PFRO.log
2013-06-20 22:19 - 2013-06-20 22:19 - 00000000 ____A C:\Windows\setuperr.log
2013-06-20 13:05 - 2013-06-20 13:05 - 00023232 ____A C:\Users\Daniel\Documents\cc_20130620_130518.reg
2013-06-20 11:35 - 2013-06-20 11:35 - 03839648 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\dfsetup214.exe
2013-06-20 11:07 - 2013-06-20 11:08 - 102323272 ____A C:\Users\Daniel\Downloads\avira_free3640_antivirus_de.exe
2013-06-20 11:01 - 2013-06-20 11:01 - 00112730 ____A C:\Users\Daniel\Documents\cc_20130620_110146.reg
2013-06-20 10:58 - 2013-06-24 12:44 - 00001001 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-20 10:58 - 2013-06-20 10:58 - 00000000 ____D C:\Program Files\CCleaner
2013-06-20 10:57 - 2013-06-20 10:57 - 03340088 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\ccsetup402_slim.exe
2013-06-12 07:33 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:33 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:33 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:33 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 07:33 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 07:33 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 07:33 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 07:33 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:33 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 07:33 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 07:33 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 07:33 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 07:33 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:33 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:33 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 07:33 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 07:33 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 07:33 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 07:33 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-02 10:37 - 2013-06-02 10:56 - 00000000 ____D C:\Output
2013-06-02 10:22 - 2013-06-02 10:22 - 00000000 ____D C:\MP4ToMP3Converter
2013-05-26 17:53 - 2013-05-26 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-06-24 17:21 - 2013-06-24 13:48 - 00890839 ____A C:\Users\Daniel\Downloads\SecurityCheck.exe
2013-06-24 17:15 - 2012-08-15 15:48 - 00654166 ____A C:\Windows\System32\perfh007.dat
2013-06-24 17:15 - 2012-08-15 15:48 - 00130006 ____A C:\Windows\System32\perfc007.dat
2013-06-24 17:15 - 2009-07-14 07:13 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-24 17:08 - 2012-10-20 22:41 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-24 15:45 - 2012-08-15 06:03 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-06-24 15:34 - 2012-08-15 06:01 - 01938218 ____A C:\Windows\WindowsUpdate.log
2013-06-24 13:49 - 2012-11-05 14:14 - 00014496 ____A C:\Users\Daniel\Desktop\contacts.xlsx
2013-06-24 13:48 - 2013-06-24 13:47 - 02347384 ____A (ESET) C:\Users\Daniel\Downloads\esetsmartinstaller_enu.exe
2013-06-24 13:22 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-24 12:44 - 2013-06-20 10:58 - 00001001 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-24 12:44 - 2012-12-08 23:47 - 00128400 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2013-06-24 12:39 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-24 12:39 - 2009-07-14 06:45 - 00034432 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-24 12:35 - 2013-06-24 12:35 - 00000000 ____D C:\Windows\ERUNT
2013-06-24 12:34 - 2013-06-24 12:34 - 00000000 ____D C:\JRT
2013-06-24 12:32 - 2012-08-15 06:03 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-06-24 12:31 - 2013-06-20 22:19 - 00000896 ____A C:\Windows\setupact.log
2013-06-24 12:31 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-24 12:28 - 2013-06-24 12:28 - 00001853 ____A C:\AdwCleaner[S1].txt
2013-06-24 12:25 - 2013-06-24 12:25 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Daniel\Downloads\JRT.exe
2013-06-24 12:24 - 2013-06-24 12:24 - 00648201 ____A C:\Users\Daniel\Downloads\adwcleaner.exe
2013-06-24 10:08 - 2012-10-17 22:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2013-06-24 09:12 - 2013-06-23 23:07 - 00000000 ___AD C:\Qoobox
2013-06-24 09:12 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default
2013-06-24 09:10 - 2013-06-23 23:06 - 00000000 ____D C:\Windows\erdnt
2013-06-24 09:07 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-24 09:05 - 2013-06-20 22:19 - 00192066 ____A C:\Windows\PFRO.log
2013-06-23 22:52 - 2013-06-23 22:52 - 05082201 ____R (Swearware) C:\Users\Daniel\Downloads\ComboFix.exe
2013-06-23 21:07 - 2012-10-26 17:37 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-06-23 19:43 - 2013-06-23 19:43 - 00000000 ____D C:\FRST
2013-06-23 19:42 - 2013-06-23 19:42 - 01931364 ____A (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2013-06-23 19:26 - 2013-06-23 19:26 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-23 13:14 - 2012-10-17 22:32 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2013-06-23 11:17 - 2013-06-23 11:17 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00002040 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\ProgramData\Avira
2013-06-23 11:11 - 2013-06-23 11:11 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-23 10:50 - 2013-06-23 10:50 - 00725840 ____A C:\Windows\Minidump\062313-18127-01.dmp
2013-06-23 10:50 - 2013-06-22 23:31 - 1081222749 ____A C:\Windows\MEMORY.DMP
2013-06-23 10:50 - 2012-10-29 01:02 - 00000000 ____D C:\Windows\Minidump
2013-06-22 23:31 - 2013-06-22 23:31 - 00291208 ____A C:\Windows\Minidump\062213-22292-01.dmp
2013-06-22 23:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-22 23:04 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-22 22:56 - 2013-06-22 22:56 - 00377856 ____A C:\Users\Daniel\Downloads\gmer_2.1.19163.exe
2013-06-22 22:15 - 2013-06-22 22:15 - 00602112 ____A (OldTimer Tools) C:\Users\Daniel\Downloads\OTL.exe
2013-06-22 22:08 - 2013-06-22 22:08 - 00000020 ____A C:\Users\Daniel\defogger_reenable
2013-06-22 22:08 - 2012-10-04 15:36 - 00000000 ___HD C:\users\Daniel
2013-06-22 22:04 - 2013-06-22 22:04 - 00050477 ____A C:\Users\Daniel\Downloads\Defogger.exe
2013-06-22 20:26 - 2011-02-24 19:03 - 00000000 ____D C:\Windows\Panther
2013-06-22 20:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-22 14:46 - 2013-06-22 14:39 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-22 14:40 - 2013-06-22 14:40 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 14:40 - 2013-06-22 14:40 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 14:40 - 2013-06-22 14:40 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 14:40 - 2013-06-22 14:40 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 14:40 - 2013-06-22 14:40 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 14:40 - 2013-06-22 14:40 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 14:40 - 2013-06-22 14:40 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-21 08:21 - 2013-06-21 08:21 - 00000000 ____D C:\Program Files\Defraggler
2013-06-21 08:07 - 2013-06-21 08:07 - 00004944 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-21 08:07 - 2013-03-26 16:24 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-20 22:19 - 2013-06-20 22:19 - 00000000 ____A C:\Windows\setuperr.log
2013-06-20 13:05 - 2013-06-20 13:05 - 00023232 ____A C:\Users\Daniel\Documents\cc_20130620_130518.reg
2013-06-20 13:02 - 2012-10-04 17:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-20 11:35 - 2013-06-20 11:35 - 03839648 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\dfsetup214.exe
2013-06-20 11:16 - 2012-10-04 17:20 - 00000000 ____D C:\ProgramData\MFAData
2013-06-20 11:08 - 2013-06-20 11:07 - 102323272 ____A C:\Users\Daniel\Downloads\avira_free3640_antivirus_de.exe
2013-06-20 11:01 - 2013-06-20 11:01 - 00112730 ____A C:\Users\Daniel\Documents\cc_20130620_110146.reg
2013-06-20 10:58 - 2013-06-20 10:58 - 00000000 ____D C:\Program Files\CCleaner
2013-06-20 10:57 - 2013-06-20 10:57 - 03340088 ____A (Piriform Ltd) C:\Users\Daniel\Downloads\ccsetup402_slim.exe
2013-06-12 21:48 - 2012-12-20 14:15 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2012-12-20 14:15 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-21 08:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-21 08:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-21 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-21 08:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 20:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 15:20 - 2012-10-20 22:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 15:20 - 2012-10-20 22:41 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 07:37 - 2012-10-04 17:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 07:35 - 2012-10-05 10:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 18:33 - 2012-10-30 19:09 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\dvdcss
2013-06-11 13:12 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-02 10:56 - 2013-06-02 10:37 - 00000000 ____D C:\Output
2013-06-02 10:22 - 2013-06-02 10:22 - 00000000 ____D C:\MP4ToMP3Converter
2013-06-02 10:21 - 2013-04-17 14:27 - 00128400 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-05-28 15:49 - 2012-10-04 17:24 - 00000000 ____D C:\Users\Daniel\AppData\Local\Microsoft Help
2013-05-27 09:56 - 2012-10-16 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-26 17:53 - 2013-05-26 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-13 16:54
==================== End Of Log ============================
|
|
24.06.2013, 16:34
| #10 |
| /// the machine /// TB-Ausbilder | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Definier mal wann er langsam ist.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.06.2013, 16:52
| #11 |
| | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Hey, immer dann wenn ich z.B. ein Fenster öffne/schließe (Explorer, vor allem Firefox, Thunderbird), Ordner öffne und manchmal auch wenn ich etwas schreibe... Also dann wenn der Rechner arbeiten muss. LG, Daniel |
|
24.06.2013, 18:31
| #12 |
| /// the machine /// TB-Ausbilder | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Öffne mal den Taskmanager, was zu sehen was in den Momenten ausschlägt? Wenn nicht, antivirenprogramm deinstallieren, nochmal testen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.06.2013, 22:08
| #13 |
| | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Hallo, der Taskmanager (Prozesse aller Benutzer) sagt folgendes: - firefox.exe *32, (Benutzer), ca. 300.000 K - svhost.exe, (System), zu 180.000 K (manchmal kommt svhost.exe auch 2mal vor, dann liegt das zweite aber deutlich niedriger bei ca. 30.000 K), Hostprozesse - TeaTimer.exe *32 (Benutzer), ca. 67.000 K, System settings protector Wenn ich den Virenscanner deinistalliere und dann mir den Task Manager anschaue, sieht es genau so aus und es stockt dann immer noch beim Öffnen/Schließen usw. LG, Daniel |
|
25.06.2013, 08:02
| #14 | |
| /// the machine /// TB-Ausbilder | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekanntZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.06.2013, 14:06
| #15 |
| | ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Hey, ja genau meinte svchost.exe! Sind die Prozesse (und deren Leistung) okay? Wenn ja, was könnte man sonst noch machen? |
|
| Themen zu ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt |
| antivirus, avira, bho, bonjour, canon, desktop, error, excel, failed, festplatte, firefox, flash player, iexplore.exe, install.exe, kein fund, langsam, logfile, mozilla, mp3, nvpciflt.sys, pc normal, plug-in, prozessor, pwmtr64v.dll, realtek, registry, safer networking, scan, software, svchost.exe, symantec, visual studio, windows |
Linear-Darstellung
