Log-Analyse und Auswertung: System benötigt extrem viel Leistung im Normalbetrieb ?
| ![]() System benötigt extrem viel Leistung im Normalbetrieb ? Hallo an alle, mein Laptop benötigt in den letzten Wochen im Grundbetrieb (ohne geöffnete Programme am Desktop etc.) 3mal soviel Leistung wie vorher. Ich habe jetzt seit Montag einige Dinge durchgeführt, da ich aber selbst noch nichts finden konnte, wende ich mich deshalb an euch. Alleine durch das Laufen von Diensten im Normalbetrieb braucht der Laptop immens mehr Leistung und wird bei den sommerlichen Temperaturen im Moment sehr heiß, auf jeden Fall ist dies nicht normal. Die Auslastung bei der Anzeige am Desktop steht konstant auf 60 %, obwohl kein Desktopprogramm im Vordergrund genutzt wird, früher bewegte sich diese zwischen 10 und 20 %. Ich hatte mich bis jetzt ein wenig in Foren eingelesen, konnte aber noch nichts finden. Am Lüfter kann es auch nicht liegen, der wurde bereits gesäubert. Ich bekam bereits einen Tip mit Malwarebytes nach dem Problem zu suchen, Malwarebytes konnte aber vorgestern mit dem aktuellen Update leider nichts finden. Auch die Schritte dieser Anleitung http://www.trojaner-board.de/71631-p...samer-tun.html wurden bereits gestern durchgeführt, ohne Erfolg auf die Leistung, lediglich die freie Kapazität der Festplatte vergrößerte sich. Vll. könnt ihr mir ja was zu den Diensten und oder auffälligen Programmen aus den Logdateien sagen, da ich den Laptop demnächst wieder für kleinere Berechnungen bräuchte und ich denke, dass er da sofort zusammenbrechen wird. Wäre ein Virus der auf einmal extrem viel Leistung durch ein verstecktes Programm verbraucht möglich? Auf jeden Fall wäre eine Neuauflage des Systems aufgrund einiger Programme extrem zeitaufwendig, auch fehlt mir noch ein wenig das nötige Wissen. Eventuell ist vll. so noch etwas zu retten. Ich bedanke mich schonmal für eure Hilfe. Liebe Grüße Danni HJT: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:41:13, on 25.08.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe C:\Windows\System32\TpShocks.exe C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\vsnpstd3.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\ICQ6.5\ICQ.exe C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\mobsync.exe C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\DanDScott\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O20 - AppInit_DLLs: acaptuser32.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Alps Application Launcher Service (ApRunSvc) - Unknown owner - C:\Program Files\Apoint2K\ApRunSvc.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe O23 - Service: SessionLauncher - Unknown owner - C:\Users\DANDSC~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe O23 - Service: Anzeige am Bildschirm (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13421 bytes Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4465 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 23.08.2010 17:46:41 mbam-log-2010-08-23 (17-46-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|) Durchsuchte Objekte: 431229 Laufzeit: 2 Stunde(n), 2 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) OTL: Code:
ATTFilter OTL logfile created on: 25.08.2010 12:33:13 - Run 1 OTL by OldTimer - Version Folder = C:\Users\DanDScott\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 6,00 Gb Paging File | 3,00 Gb Available in Paging File | 54,00% Paging File free Paging file location(s): c:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,65 Gb Total Space | 70,10 Gb Free Space | 31,63% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Q: | 9,77 Gb Total Space | 3,22 Gb Free Space | 32,94% Space Free | Partition Type: NTFS Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,13% Space Free | Partition Type: NTFS Computer Name: DANDSCOTT-PC Current User Name: DanDScott Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\DanDScott\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH) PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\Programme\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.) PRC - c:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) PRC - C:\Programme\Lenovo\LenovoCare\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\Windows\System32\TpShocks.exe (Lenovo.) PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) PRC - C:\Programme\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Programme\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\Windows\System32\TPHDEXLG.exe (Lenovo.) PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo) PRC - C:\Programme\Unlocker\UnlockerAssistant.exe () PRC - C:\Programme\Lenovo\ATK Hotkey\LFKA.exe (Lenovo) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ATK Hotkey\LControl.exe (ATK0101) PRC - C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe () PRC - C:\Programme\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe () PRC - C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Programme\Apoint2K\ApRunSvc.exe () PRC - C:\Programme\ANSYS Inc\Shared Files\Licensing\intel\ansyslmd.exe () PRC - C:\Programme\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) PRC - C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe (Macrovision Corporation) PRC - C:\Windows\vsnpstd3.exe () PRC - C:\Programme\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation) PRC - C:\Programme\TechSmith\SnagIt 8\TscHelp.exe (TechSmith Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\DanDScott\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SessionLauncher) -- C:\Users\DANDSC~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (TVT_UpdateMonitor) -- C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.) SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo) SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions) SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions) SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (LFKAS) -- C:\Programme\Lenovo\ATK Hotkey\LFKAS.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Programme\Lenovo\ATK Hotkey\GFNEXSrv.exe () SRV - (ASLDRService) -- C:\Programme\Lenovo\ATK Hotkey\ASLDRSrv.exe () SRV - (JobManagerService110) -- C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe (Ansys, Inc) SRV - (ScriptHostService110) -- C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe (Ansys, Inc.) SRV - (ApRunSvc) -- C:\Programme\Apoint2K\ApRunSvc.exe () SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (ANSYS FLEXlm license manager) -- C:\Programme\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (tvtfilter) -- C:\Windows\System32\drivers\tvtfilter.sys (Lenovo) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS () DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (lnvogps) -- C:\Windows\System32\drivers\lnvogps.sys (Ericsson AB) DRV - (lnvomdm2) -- C:\Windows\System32\drivers\lnvomdm2.sys (MCCI Corporation) DRV - (lnvounic) Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM) -- C:\Windows\System32\drivers\lnvounic.sys (MCCI Corporation) DRV - (lnvomdm) -- C:\Windows\System32\drivers\lnvomdm.sys (MCCI Corporation) DRV - (lnvocard) -- C:\Windows\System32\drivers\lnvocard.sys (MCCI Corporation) DRV - (lnvobus) Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM) -- C:\Windows\System32\drivers\lnvobus.sys (MCCI Corporation) DRV - (lnvond5) Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS) -- C:\Windows\System32\drivers\lnvond5.sys (MCCI Corporation) DRV - (lnvomdfl2) -- C:\Windows\System32\drivers\lnvomdfl2.sys (MCCI Corporation) DRV - (lnvomdfl) -- C:\Windows\System32\drivers\lnvomdfl.sys (MCCI Corporation) DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBSTK.sys () DRV - (Sony_EricssonWWSC) -- C:\Windows\System32\drivers\lnvoscard.sys (Sony Ericsson) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo) DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ASMMAP) -- C:\Programme\Lenovo\ATK Hotkey\ASMMAP.sys () DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio) DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio) DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio) DRV - (MTsensor) -- C:\Windows\System32\drivers\A0101V32.sys (ATK0100) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {FCF36B88-1BBA-487f-B64B-D2E8980A9293}:3.01 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}: FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.21 22:41:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.21 22:41:32 | 000,000,000 | ---D | M] [2009.02.13 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\mozilla\Extensions [2010.08.23 16:05:53 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\mozilla\Firefox\Profiles\r6l0j3si.Daniel\extensions [2009.06.26 17:43:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\DanDScott\AppData\Roaming\mozilla\Firefox\Profiles\r6l0j3si.Daniel\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.23 17:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DanDScott\AppData\Roaming\mozilla\Firefox\Profiles\r6l0j3si.Daniel\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.23 17:25:30 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\mozilla\Firefox\Profiles\ue27b1i4.default\extensions [2009.04.08 23:49:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\DanDScott\AppData\Roaming\mozilla\Firefox\Profiles\ue27b1i4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.23 17:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DanDScott\AppData\Roaming\mozilla\Firefox\Profiles\ue27b1i4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.16 19:42:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.14 19:33:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.16 19:42:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.09.21 12:04:02 | 000,718,208 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv415.dll [2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv522.dll [2009.12.02 10:31:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.12.02 10:31:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.12.02 10:31:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.12.02 10:31:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.12.02 10:31:53 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BTVLOGEX.DLL () O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Programme\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe () O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) O4 - HKLM..\Run: [LPMailChecker] C:\Programme\Lenovo\LenovoCare\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\DanDScott\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Users\DanDScott\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\DanDScott\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O32 - AutoRun File - [2008.06.03 00:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{205cd305-aaa1-11de-a819-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{205cd305-aaa1-11de-a819-028037ec0200}\Shell\AutoRun\command - "" = F:\Setup.bat -- File not found O33 - MountPoints2\{205cd306-aaa1-11de-a819-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{205cd306-aaa1-11de-a819-028037ec0200}\Shell\AutoRun\command - "" = G:\INTEL\startspk.exe -- File not found O33 - MountPoints2\{7f39bbd7-aadc-11dd-af7b-0023542fef68}\Shell - "" = AutoRun O33 - MountPoints2\{7f39bbd7-aadc-11dd-af7b-0023542fef68}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008.07.30 00:37:58 | 000,180,224 | -HS- | M] () O33 - MountPoints2\{8bd08aa4-4ac8-11de-a5ee-028037ec0200}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDSetup.exe -- File not found O33 - MountPoints2\{a488ecd8-aa96-11dd-a1c9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a488ecd8-aa96-11dd-a1c9-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008.07.21 18:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{b46518be-e6ff-11dd-8025-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{b46518be-e6ff-11dd-8025-028037ec0200}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.08.23 18:35:40 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler [2010.08.23 18:17:03 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.21 16:45:54 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll [2010.08.21 16:45:54 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll [2010.08.21 16:45:51 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2010.08.21 16:45:51 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2010.08.21 16:45:49 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5 [2010.08.21 16:45:24 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll [2010.08.21 16:45:24 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax [2010.08.21 16:45:24 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax [2010.08.21 16:45:24 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax [2010.08.21 16:45:24 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax [2010.08.21 16:45:24 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax [2010.08.21 16:45:24 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax [2010.08.21 16:45:24 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll [2010.08.21 16:45:23 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax [2010.08.21 16:45:23 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax [2010.08.21 16:45:23 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll [2010.08.21 16:45:23 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax [2010.08.16 19:42:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.16 19:42:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.16 19:42:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.08.11 17:47:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.11 17:47:37 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.11 17:47:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.11 17:47:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.11 17:47:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.11 17:47:37 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.11 17:47:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.11 17:47:37 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.11 17:47:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.11 17:47:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.11 17:47:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.11 17:47:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.11 17:47:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.11 17:47:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.11 17:47:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.11 17:47:34 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.11 17:47:29 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.11 17:47:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.11 17:47:03 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.11 17:47:03 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.02 15:06:03 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.07.14 18:25:45 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll [2010.07.14 18:21:46 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\acaptuser32.dll [2010.07.13 19:15:26 | 000,000,000 | ---D | C] -- C:\Windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP [2010.06.23 22:49:00 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.23 22:49:00 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.23 22:49:00 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.23 18:18:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.06.23 18:18:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.06.10 14:44:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.10 14:44:36 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.10 14:44:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.05.29 15:35:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2009.04.12 14:44:45 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2009.04.12 14:44:45 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2009.04.12 14:44:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [2009.04.12 14:44:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [7 C:\Users\DanDScott\Desktop\*.tmp files -> C:\Users\DanDScott\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.08.25 12:30:54 | 003,670,016 | -HS- | M] () -- C:\Users\DanDScott\NTUSER.DAT [2010.08.25 12:24:00 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.08.25 11:39:56 | 000,002,531 | ---- | M] () -- C:\Users\DanDScott\Desktop\HiJackThis.lnk [2010.08.25 11:14:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.25 11:12:55 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.25 11:12:55 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.25 11:12:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.25 11:12:43 | 2109,018,112 | -HS- | M] () -- C:\hiberfil.sys [2010.08.25 11:09:47 | 000,524,288 | -HS- | M] () -- C:\Users\DanDScott\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.25 11:09:47 | 000,065,536 | -HS- | M] () -- C:\Users\DanDScott\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.25 11:07:36 | 002,434,413 | -H-- | M] () -- C:\Users\DanDScott\AppData\Local\IconCache.db [2010.08.24 11:40:40 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.24 11:40:39 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.24 11:40:39 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.24 11:40:39 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.24 11:40:39 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.24 01:42:04 | 000,226,304 | ---- | M] () -- C:\Users\DanDScott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.23 18:35:42 | 000,001,712 | ---- | M] () -- C:\Users\DanDScott\Desktop\Defraggler.lnk [2010.08.23 18:17:05 | 000,000,814 | ---- | M] () -- C:\Users\DanDScott\Desktop\CCleaner.lnk [2010.08.21 16:45:25 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2010.08.11 19:33:46 | 000,421,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.11 18:04:04 | 000,000,298 | ---- | M] () -- C:\Windows\win.ini [2010.08.11 12:42:40 | 171,767,250 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.06.26 08:03:22 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.06.26 08:03:02 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.06.26 08:03:02 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.06.26 08:02:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.06.26 08:02:26 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.06.26 08:02:15 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.06.26 08:02:15 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.06.26 08:02:15 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.06.26 08:02:14 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.06.26 08:02:14 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.06.26 08:02:09 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.06.26 06:25:02 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.06.26 06:24:51 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.06.26 06:24:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.06.26 06:23:53 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.06.21 15:37:03 | 002,037,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.06.19 18:53:49 | 000,000,223 | ---- | M] () -- C:\Users\DanDScott\Documents\std.out [2010.06.18 19:31:29 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.06.10 15:58:11 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini [2010.06.08 19:35:04 | 003,548,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.06.08 19:35:03 | 003,600,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.06.02 11:52:48 | 000,004,096 | -H-- | M] () -- C:\Users\DanDScott\AppData\Local\keyfile3.drm [2010.05.27 22:08:17 | 000,081,920 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [7 C:\Users\DanDScott\Desktop\*.tmp files -> C:\Users\DanDScott\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.23 18:35:42 | 000,001,712 | ---- | C] () -- C:\Users\DanDScott\Desktop\Defraggler.lnk [2010.08.23 18:17:05 | 000,000,814 | ---- | C] () -- C:\Users\DanDScott\Desktop\CCleaner.lnk [2010.08.21 16:45:51 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.08.21 16:45:25 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2010.08.21 16:45:24 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax [2010.08.21 16:45:24 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax [2010.08.21 16:45:24 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax [2010.08.21 16:45:23 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax [2010.08.21 16:45:23 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax [2010.08.21 16:45:23 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax [2010.08.21 16:45:23 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax [2010.08.21 16:45:23 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax [2010.08.05 20:48:07 | 2109,018,112 | -HS- | C] () -- C:\hiberfil.sys [2010.08.02 15:06:04 | 000,002,531 | ---- | C] () -- C:\Users\DanDScott\Desktop\HiJackThis.lnk [2010.02.24 20:44:40 | 000,004,096 | -H-- | C] () -- C:\Users\DanDScott\AppData\Local\keyfile3.drm [2009.10.01 20:25:16 | 000,295,458 | ---- | C] () -- C:\Users\DanDScott\AppData\Local\ffmnff_nav.dat [2009.10.01 20:25:16 | 000,003,462 | ---- | C] () -- C:\Users\DanDScott\AppData\Local\ffmnff.dat [2009.10.01 20:25:16 | 000,001,689 | ---- | C] () -- C:\Users\DanDScott\AppData\Local\ffmnff_navps.dat [2009.09.27 20:02:26 | 000,000,093 | ---- | C] () -- C:\Users\DanDScott\AppData\Local\bocjwce.bat [2009.09.26 15:14:45 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.08.10 16:40:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.16 14:33:27 | 000,000,000 | ---- | C] () -- C:\Users\DanDScott\AppData\Local\rx_image32.Cache [2009.04.12 14:44:47 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2009.02.17 17:10:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.10 14:54:58 | 000,000,680 | ---- | C] () -- C:\Users\DanDScott\AppData\Local\d3d9caps.dat [2009.01.10 00:57:02 | 000,226,304 | ---- | C] () -- C:\Users\DanDScott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.04 20:03:41 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS [2008.11.04 20:03:24 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AABATT.dll [2008.11.04 19:59:25 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.11.04 19:59:25 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.11.04 19:59:25 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.11.04 19:59:25 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.11.04 19:59:25 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.11.04 19:59:25 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.11.04 19:57:00 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL [2008.11.04 19:57:00 | 000,000,256 | ---- | C] () -- C:\Windows\wininit.ini [2008.11.04 19:45:39 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll [2008.11.04 19:45:39 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008.11.04 19:41:09 | 000,522,256 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK1.sys [2008.11.04 19:41:09 | 000,299,920 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK0.sys [2008.11.04 19:41:09 | 000,173,584 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK.sys [2008.11.04 19:41:09 | 000,145,424 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK2.sys [2008.11.04 19:41:09 | 000,025,616 | ---- | C] () -- C:\Windows\System32\drivers\USBSTK3.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2009.01.12 21:38:11 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\Ansys [2009.09.26 20:11:14 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\DAEMON Tools Lite [2009.09.21 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\DassaultSystemes [2009.02.17 17:27:41 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\Dev-Cpp [2010.03.04 17:14:20 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\Ericsson [2010.01.24 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\Flatcast [2010.08.11 20:44:01 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\ICQ [2009.01.10 00:56:28 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\InterVideo [2009.02.17 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\IrfanView [2009.01.10 10:28:45 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\Lenovo [2009.01.11 18:32:29 | 000,000,000 | ---D | M] -- C:\Users\DanDScott\AppData\Roaming\PTC [2010.08.25 12:24:00 | 000,000,262 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.08.25 11:10:00 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras: Code:
ATTFilter OTL Extras logfile created on: 25.08.2010 12:33:16 - Run 1 OTL by OldTimer - Version Folder = C:\Users\DanDScott\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 6,00 Gb Paging File | 3,00 Gb Available in Paging File | 54,00% Paging File free Paging file location(s): c:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,65 Gb Total Space | 70,10 Gb Free Space | 31,63% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Q: | 9,77 Gb Total Space | 3,22 Gb Free Space | 32,94% Space Free | Partition Type: NTFS Drive S: | 1,46 Gb Total Space | 0,68 Gb Free Space | 46,13% Space Free | Partition Type: NTFS Computer Name: DANDSCOTT-PC Current User Name: DanDScott Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5817E194-061A-4758-8BBB-0AA12939CE85}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{8E511967-950F-458F-807B-49D6E58917B8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{935E9B37-D102-4E0A-843D-F31C32092E4D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{975524DD-2C75-4B6D-A0F6-77B50C46DBB7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{1A279649-51AF-45BA-9377-016A3A697542}C:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe | "TCP Query User{4974271F-5036-4210-B277-5316010FE769}C:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe | "TCP Query User{57D6E44A-AA11-4B60-86F4-C7E425E9A435}C:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe | "TCP Query User{5AEE9703-244D-496D-AED0-FC9FE647E2C7}C:\program files\proewildfire 3.0\i486_nt\obj\ptcvconf.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\ptcvconf.exe | "TCP Query User{5EB128E7-C597-47A4-BE4E-D1993DC64031}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{7C5E0699-D0B7-4439-814C-233CA1FC08C4}C:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe | "TCP Query User{902EEA52-5E85-457C-A287-EC378FDC6214}C:\program files\ansys inc\v110\aisol\commonfiles\intel\ansyswbu.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v110\aisol\commonfiles\intel\ansyswbu.exe | "TCP Query User{A2AC93FF-3CD5-402C-8796-4A85AF976824}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A9FCEABB-3885-4F26-A54F-5D33925B7A27}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{C70745A8-4030-4C64-A2FB-2F1B498174F6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C7F7F9FE-B31E-42BB-A927-F8723DC36898}C:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe | "TCP Query User{D54AA20A-3A69-42C2-B8C5-169FE60F199C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{E1007FF7-0A03-4D1A-9FEF-3E0D07206CE1}C:\program files\proewildfire 3.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 3.0\bin\proe.exe | "TCP Query User{E5E6CD1F-1A46-4BF9-AC99-CF45AD6DE4A8}C:\program files\ansys inc\shared files\licensing\intel\lmgrd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\intel\lmgrd.exe | "TCP Query User{EB8F76C6-4D6C-4454-AFEE-F370746E3607}C:\program files\ansys inc\shared files\licensing\intel\ansyslmd.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\shared files\licensing\intel\ansyslmd.exe | "TCP Query User{FC94E83C-24E4-4AC6-BC0C-1AC3660A4D83}C:\program files\ansys inc\v110\commonfiles\tcl\bin\intel\wish.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v110\commonfiles\tcl\bin\intel\wish.exe | "TCP Query User{FF845411-54F0-408C-97DA-8060125B39E0}C:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe | "UDP Query User{0C231A6E-D80B-4038-A95C-4FA5C30ABC56}C:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe | "UDP Query User{36603DEE-D776-4948-B26E-121227EAC9F3}C:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe | "UDP Query User{50DD94AC-0F0B-4092-8C19-077EC90E66F0}C:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe | "UDP Query User{532A3219-9A18-41A3-AB08-78FE7FEF57D6}C:\program files\ansys inc\shared files\licensing\intel\ansyslmd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\intel\ansyslmd.exe | "UDP Query User{5C3DEA2A-0552-449C-B9CF-5873929EA3F2}C:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\xtop.exe | "UDP Query User{699842CE-A4B8-4116-A139-0DFA19D9256C}C:\program files\proewildfire 3.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 3.0\bin\proe.exe | "UDP Query User{6FA89658-A94C-4B18-BF3E-9A58F357E80A}C:\program files\ansys inc\v110\commonfiles\tcl\bin\intel\wish.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v110\commonfiles\tcl\bin\intel\wish.exe | "UDP Query User{820B1F5F-523C-4372-ACDC-1E4044A7F02A}C:\program files\proewildfire 3.0\i486_nt\obj\ptcvconf.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\ptcvconf.exe | "UDP Query User{8E354E21-A39B-4239-996C-456D08CE246C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{9E8E379A-241B-4D00-A895-138DD17E650A}C:\program files\ansys inc\shared files\licensing\intel\lmgrd.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\shared files\licensing\intel\lmgrd.exe | "UDP Query User{B33AD8FF-8B6E-413C-99E5-2BEB01B8E7D3}C:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\obj\pro_comm_msg.exe | "UDP Query User{B7F240FE-A7CA-4EA3-8242-20B4BDA48711}C:\program files\ansys inc\v110\aisol\commonfiles\intel\ansyswbu.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v110\aisol\commonfiles\intel\ansyswbu.exe | "UDP Query User{C9182712-8794-4448-A3FA-8C3BBB8C7B31}C:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 3.0\i486_nt\nms\nmsd.exe | "UDP Query User{DABC7350-9D75-423A-8BBD-B79C29E4C80C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{E05910F1-4774-400D-9155-3CD4E8CDB4BE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{E08C0B2C-6FEC-430A-A82D-2F6982E897F3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{EB507A59-4A89-445C-956B-207C6C53C36A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{055B9AD2-48E1-462E-9992-814123063C46}" = Lenovo_ATK_Package "{05860BD6-2B3C-4B16-A300-964403ACF13C}" = ThinkVantage GPS "{061A431C-86E7-4DB4-92B8-36DE783865CF}" = Integrated Camera "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar "{127F1FD7-43BB-4428-8B2A-70539F4B6F1F}" = ANSYS Products 11.0 SP1 "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject' "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1B611B02-BCB6-4D2C-AD7C-F7370B272853}" = ANSYS Remote Solve Manager (RSM) 11.0 "{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21 "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista "{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi-Software "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition "{5523092E-13AA-4EED-8E18-255860F6D9DC}" = ThinkVantage Status Gadget "{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 "{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care "{64211D43-D195-413C-A7E7-666C10B53E1F}" = Ericsson Wireless Module Core "{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{93699C3E-005E-4294-87CA-F5B7DE2CD687}" = SnagIt 8 "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver "{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8 "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_933" = Adobe Acrobat 9.3.3 - CPSID_83708 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DB34E5AF-6DC0-4C21-8A70-EAEA2CECE469}" = Mobile Broadband Connect "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility "414DA9DB2E84AAFAD2D2715FD9BABFAB2D209FFD" = Windows Driver Package - Lenovo 1.44 (05/14/2008 1.44) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "a-squared Free_is1" = a-squared Free 4.0 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "bocjwce" = Favorit "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Defraggler" = Defraggler "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista "E01421337C9E830E94F08C6ADCF7E2659CD6B066" = Windows Driver Package - Intel (NETw5v32) net (11/17/2008 "Flatcast_is1" = Flatcast Viewer Plugin "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "HDMI" = Intel(R) Graphics Media Accelerator Driver "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.5.5 "Lenovo Registration" = Lenovo Registration "Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3 "LENOVO.SMIIF" = Lenovo System Interface Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11) "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows "Power Management Driver" = ThinkPad Power Management Driver for SL Series "Pro/ENGINEER Release Wildfire 3.0 Datecode M010" = Pro/ENGINEER Release Wildfire 3.0 Datecode M010 "ProInst" = Intel PROSet Wireless "RealPlayer 6.0" = RealPlayer "Recuva" = Recuva (remove only) "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "Uninstall_is1" = Uninstall "Unlocker" = Unlocker 1.8.7 "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement "VLC media player" = VLC media player 0.9.4 "Windows Live Toolbar" = Windows Live Toolbar "WinRAR archiver" = WinRAR archiver ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
