|
ThinkPad plötzlich extrem langsam geworden - Ursachen unbekannt Hallo, ich habe den Lenovo ThinkPad E530 (ca. 8 Monate alt). - Prozessor: Intel (R) Core (TM) i5-3210M CPU @ 2.50GHz 2.50GHz - Arbeitsspeicher: 16 GB - WIN 7 (64bit), Service Pack 1 Der Laptop lief bis vor ein paar Tagen super. WIN Firewall, Spybot und AVG Virenscanner waren immer aktiv. Nachdem ich Back-up machen wollte (externe Festplatte), ist der Laptop auf einmal extrem langsam geworden. Z.B. beim Surfen (Firefox), Emails öffnen (Thunderbird), Dokumente öffnen/schließen, Explorer usw. Es gibt aber auch wieder Phasen wo der PC normal funktioniert. Manchmal stockt der Rechner auch ein bis zwei Sekunden. Habe mir viele Foren durchgelesen und folgendes gemacht: 1. Festplatte gesäubert/bereinigt 2. AVG Virenscanner ersetzt durch Antivirus (kompletten Scan durchgeführt, kein Fund bis auf ein verstecktes Objekt) 3. Spybot kompletter Scan 4. CCleaner (Cleaner und Registry verwendet und alles bereinigt) 5. Alle Festplatten defragmentiert Dennoch ist der Laptop immer noch phasenweise wirklich langsam und stockt. Hat sich also nichts verändert. Woran kann das liegen? Ich wäre für eure Hilfe sehr dankbar, da der PC mein Arbeitsgerät ist. LG, Daniel PS: Hier die Log files: OTL OTL logfile created on: 22.06.2013 22:17:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,60 Gb Total Physical Memory | 13,27 Gb Available Physical Memory | 85,07% Memory free 31,21 Gb Paging File | 28,73 Gb Available in Paging File | 92,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 235,91 Gb Total Space | 153,83 Gb Free Space | 65,21% Space Free | Partition Type: NTFS Drive E: | 210,81 Gb Total Space | 140,18 Gb Free Space | 66,50% Space Free | Partition Type: NTFS Drive Q: | 17,58 Gb Total Space | 4,82 Gb Free Space | 27,43% Space Free | Partition Type: NTFS Computer Name: DANIEL-THINK | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.22 22:15:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Downloads\OTL.exe PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.12 14:59:15 | 000,155,488 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe PRC - [2012.06.01 20:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe PRC - [2012.06.01 20:49:00 | 000,290,160 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe PRC - [2012.06.01 20:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2012.06.01 20:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe PRC - [2012.05.15 23:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE PRC - [2012.04.23 15:03:52 | 000,046,816 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe PRC - [2012.04.13 18:06:42 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.03.27 08:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.03.27 08:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012.03.27 08:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.03.27 08:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2012.03.07 00:49:18 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.03.07 00:49:16 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.03.07 00:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.03.07 00:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2012.01.25 09:44:56 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe PRC - [2011.12.29 12:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2011.01.07 12:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe PRC - [2010.08.31 14:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.02.10 09:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.07.12 14:59:16 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll MOD - [2012.07.12 14:59:16 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll MOD - [2012.07.12 14:59:16 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll MOD - [2012.07.12 14:59:15 | 000,891,392 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll MOD - [2012.07.12 14:59:15 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll MOD - [2012.07.12 14:59:15 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll MOD - [2012.07.12 14:59:15 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll MOD - [2012.07.12 14:59:15 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ServiceManagerStarter.dll MOD - [2012.07.12 14:59:15 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll MOD - [2012.07.12 14:59:15 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll MOD - [2012.07.12 14:59:14 | 002,281,984 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll MOD - [2012.07.12 14:59:14 | 000,446,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\DeviceProfile.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.06.08 17:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:64bit: - [2012.04.11 09:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2011.12.28 22:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.12 15:20:55 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.26 17:53:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.11 15:30:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.08.27 13:32:34 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Daniel\AppData\Local\Temp\7zS5A00\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2012.06.25 08:19:50 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.06.01 20:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM) SRV - [2012.06.01 20:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV - [2012.06.01 20:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV - [2012.05.29 15:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc) SRV - [2012.05.15 23:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc) SRV - [2012.05.15 23:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2012.04.23 15:03:52 | 000,046,816 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe -- (Intel(R) SRV - [2012.03.27 08:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.03.27 08:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012.03.27 08:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.03.07 00:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.03.07 00:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.03.07 00:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.03.07 00:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012.02.26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.02.26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.02.26 05:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.02.26 05:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.01.17 16:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.01.17 08:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService) SRV - [2012.01.09 12:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.12.29 12:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011.07.12 09:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 09:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.01.07 12:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService) SRV - [2010.08.31 14:56:16 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.10 09:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.10 12:02:21 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.02 16:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.11.01 22:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012.08.30 21:14:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.15 15:52:37 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.23 22:48:02 | 000,148,328 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2012.06.25 08:19:38 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.06.21 04:46:46 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.06.19 21:32:20 | 000,431,928 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.06.19 21:32:20 | 000,027,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel) DRV:64bit: - [2012.06.14 17:25:26 | 001,608,352 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2012.05.15 23:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012.04.13 18:06:42 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.04.13 18:06:42 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.04.13 18:06:42 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.04.11 09:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2012.03.28 13:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2012.03.21 11:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.02.20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.02.13 09:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012.02.13 08:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2012.01.09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.01.09 12:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.12.28 22:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2011.12.26 11:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.12.23 14:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.12.20 17:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.12.20 17:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.12.08 23:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.08 23:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.12.07 18:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd) DRV:64bit: - [2011.11.10 11:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.27 04:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2011.08.23 14:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.29 12:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.03.26 16:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.ftp: "46.20.119.251" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "46.20.119.251" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "46.20.119.251" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "46.20.119.251" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 23:21:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.16 23:21:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.16 14:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2013.06.22 21:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\a5h4ukrt.default\extensions [2013.05.29 11:42:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\a5h4ukrt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.10 10:55:07 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a5h4ukrt.default\extensions\stealthyextension@gmail.com.xpi [2013.06.22 21:53:44 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a5h4ukrt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.03.23 19:56:30 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a5h4ukrt.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013.05.08 23:20:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\a5h4ukrt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.26 17:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.05.26 17:53:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2012.10.04 18:00:33 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15262 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe (Intel Corporation) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FEEB0D7-0DEA-4DF0-8037-2793A895C2E9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F798EB68-4EAA-4C4B-9EA3-441D270B44AB}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk Q:\ O33 - MountPoints2\{115083b4-e68d-11e1-8f3e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{115083b4-e68d-11e1-8f3e-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 05:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{2d87b759-0e2a-11e2-984b-685d43f55b03}\Shell - "" = AutoRun O33 - MountPoints2\{2d87b759-0e2a-11e2-984b-685d43f55b03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.21 08:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2013.06.20 11:26:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Avira [2013.06.20 11:24:18 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.20 11:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.20 11:22:32 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.06.20 11:22:32 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.06.20 11:22:32 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.06.20 11:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.06.20 11:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.06.20 10:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.06.20 10:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.06.02 10:37:40 | 000,000,000 | ---D | C] -- C:\Output [2013.06.02 10:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 To MP3 Converter [2013.06.02 10:22:59 | 000,000,000 | ---D | C] -- C:\MP4ToMP3Converter [2013.05.26 17:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.22 22:17:41 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.22 22:17:41 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.22 22:14:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.22 22:14:35 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.22 22:14:35 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.22 22:14:35 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.22 22:14:35 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.22 22:11:19 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.06.22 22:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.22 22:09:43 | 3975,614,462 | -HS- | M] () -- C:\hiberfil.sys [2013.06.22 22:08:10 | 000,000,020 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2013.06.22 22:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.22 14:40:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.22 14:40:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.21 15:45:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.06.20 13:05:27 | 000,023,232 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20130620_130518.reg [2013.06.20 11:24:04 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.20 11:22:40 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.20 11:01:59 | 000,112,730 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20130620_110146.reg [2013.06.20 10:58:47 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.22 22:08:06 | 000,000,020 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2013.06.22 14:40:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.22 14:40:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.20 13:05:23 | 000,023,232 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20130620_130518.reg [2013.06.20 11:22:40 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.20 11:01:53 | 000,112,730 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20130620_110146.reg [2013.06.20 10:58:47 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.10 12:13:40 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat [2012.10.24 10:05:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.10.24 10:03:49 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.10.04 17:53:54 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.10.04 15:37:10 | 000,009,959 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\AbsoluteReminder.xml [2012.10.04 15:36:38 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.08.15 06:04:00 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.08.15 06:03:58 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.08.15 06:03:56 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.08.15 06:03:55 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.08 11:26:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Audacity [2012.11.23 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon [2012.12.27 11:22:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ChessBase [2013.05.08 11:56:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DMCache [2013.03.07 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\elsterformular [2012.10.04 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FileOpen [2012.10.04 15:40:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2012.10.04 17:37:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Lenovo [2013.01.07 18:26:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Lingo4u [2012.10.04 15:46:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LSC [2012.10.04 18:34:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Nitro PDF [2013.02.28 23:16:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Notepad++ [2012.10.04 15:48:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PwrMgr [2012.10.16 21:16:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird [2012.10.04 17:29:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Extra: OTL Extras logfile created on: 22.06.2013 22:17:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,60 Gb Total Physical Memory | 13,27 Gb Available Physical Memory | 85,07% Memory free 31,21 Gb Paging File | 28,73 Gb Available in Paging File | 92,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 235,91 Gb Total Space | 153,83 Gb Free Space | 65,21% Space Free | Partition Type: NTFS Drive E: | 210,81 Gb Total Space | 140,18 Gb Free Space | 66,50% Space Free | Partition Type: NTFS Drive Q: | 17,58 Gb Total Space | 4,82 Gb Free Space | 27,43% Space Free | Partition Type: NTFS Computer Name: Daniel-THINK | User Name: ... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02306830-1C76-4779-AE34-3F8A9C1D0505}" = rport=137 | protocol=17 | dir=out | app=system | "{0991D40D-34B9-4C3D-92C8-B1FEF9CAE18C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{0CDE7048-DAF4-49C7-B09D-3A712B04BD53}" = rport=139 | protocol=6 | dir=out | app=system | "{15D4FD1E-4616-41AB-A768-22F742ABEDA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{264ADCAA-C58C-471A-BDC0-C8CBF391B57C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{26A23069-60A8-4B9D-BDCF-E32A91F3C427}" = rport=138 | protocol=17 | dir=out | app=system | "{5B928FBB-BA1E-4B1E-9209-8C841F3A6958}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{644661F8-6607-4A99-AC92-6B8394057077}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6A62B521-C777-49FC-9CAF-740ECEB721D8}" = lport=138 | protocol=17 | dir=in | app=system | "{9806B4E7-16F2-492D-B455-63467F0957D0}" = rport=445 | protocol=6 | dir=out | app=system | "{A016709D-8AA8-4398-9925-8743B3B3A672}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A5E267DA-08AF-4EF6-B579-11DCF55C3487}" = lport=445 | protocol=6 | dir=in | app=system | "{CBA6D5FD-0476-49A6-B9D5-35A93D5CF435}" = lport=139 | protocol=6 | dir=in | app=system | "{DB5E9C2A-11E5-48BB-A1AC-0D995B39C62B}" = lport=137 | protocol=17 | dir=in | app=system | "{EE3EA639-273B-4B62-A7F9-43A53E76E63D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F45455F-53AD-4A0D-81A6-71B20CD7233E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{19C52551-80B5-46E5-883E-948920D54DA0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{2520E4D8-4A11-496F-B903-E3DA75515D2F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2699893C-2152-4C4D-8C65-9C5AD26DA5A1}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{2FA87385-66A4-472C-8F4F-5F0252D464DE}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{51E6E418-F7EC-444D-934E-D280C1D34702}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{59866A63-D26E-477C-ADB8-40A5D5EBA82F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5C01926A-2FB2-4774-AD10-2CBC6762D788}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{605488A9-5A0D-483F-A4D4-70A32D01DA18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{76A63905-E8B9-4BB8-B71D-F1D629C2388B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7BF85E2A-718C-4C34-BC5B-F5A028E6F462}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9B437A01-9638-431E-9DB6-CA669E3CBEFC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9D326026-0562-4B50-9BFC-D3D4A1E4340F}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{AA03BE3C-34B3-4778-8B8F-821B1CAB2835}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B0AFD8DB-7A88-4728-8272-2017007CA685}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B96AAD79-0558-4408-8DBC-36FC95E643F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BCE91EA4-787B-4641-8C56-55BBAFA32EDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0E5F8F2-4C13-42F1-9EBB-A50AD76F86D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C74921D5-D691-42D9-9B5E-571CB3D6C435}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{CDB3FC8C-6043-4014-AC0E-5A23A0B51C58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D45F0B2F-DC2C-4535-A2B2-5DC91CE1A70F}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{D95E727F-95DF-401B-A2ED-2B0C9FC3E1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{D98F169F-37D8-41B5-B2B7-102470C9BDD1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E3788A55-D85B-4C24-AF25-95E2F6E48C11}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F546E7CE-9C0A-4A20-A183-40BC1CFF8544}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FEC56BB1-6ECC-40B9-985A-D5C9B5CB2D7C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "TCP Query User{14744E25-2223-4487-9E83-04C79CE3C305}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{5BBA2407-644C-47DE-98D9-896143F7FC2E}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe | "TCP Query User{AFE712F0-2B48-45C2-A519-D86A696EB3DD}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe | "UDP Query User{4CF2FBBE-D96F-498C-9C2E-5B3F06E7D816}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{5E94E9E3-EF8E-461C-8115-ECDD1AAF1215}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe | "UDP Query User{C4B1AA08-CC3C-4A2B-A212-DE29C3B7E887}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intelappstore\bin\ismagent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series" = Canon MG6200 series MP Drivers "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot Shield "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center "{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap "{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center "{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows-Treiberpaket - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Defraggler" = Defraggler "FD2ED46D31CE7DF190049D079E92DE03D347A634" = Windows-Treiberpaket - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "OnScreenDisplay" = Anzeige am Bildschirm "Power Management Driver" = Lenovo Power Management Driver "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = ThinkPad UltraNav Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25 "{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{5B5DEF99-85E9-423D-A1A3-B83202697B09}" = Lenovo Solutions for Small Business Customizations "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{608E1B9B-A2E8-4A1F-8BAB-874EB0DD25E3}" = Intel(R) Update Manager "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A6D86CD-B004-46b7-8951-7BB75A776F8C}" = Lenovo Solutions for Small Business "{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent "{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe "{DF1EB918-CCDB-495D-9E5B-973F38BF33DA}" = Schriften von Ellen G. White "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EDF3EEF2-F0B9-440B-B8B9-A61F2DA8C78A}" = fortePivot "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FF162784-CFFE-4193-AE24-7FC476812ABE}" = OneKey Recovery Pro "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0.2 "Avira AntiVir Desktop" = Avira Free Antivirus "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "ElsterFormular" = ElsterFormular "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fastboot" = RapidBoot HDD Accelerator "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "Intel AppUp(SM) center 33057" = Intel AppUp(SM) center "LingoDict_is1" = LingoDict 2.1.1 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 5.0" = Canon MP Navigator EX 5.0 "MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0.4 "Root_Deploy_0" = Root CA sta-net "SopCast" = SopCast 3.5.0 "SugarSync" = SugarSync Manager "VLC media player" = VLC media player 2.0.3 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.06.2013 06:34:37 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 21.06.2013 06:34:37 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8814 Error - 21.06.2013 06:34:37 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8814 Error - 22.06.2013 02:48:28 | Computer Name = Daniel-THINK | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 07:22:46 | Computer Name = Daniel-THINK | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 14:25:52 | Computer Name = Daniel-THINK | Source = WinMgmt | ID = 10 Description = Error - 22.06.2013 14:46:57 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 22.06.2013 14:46:57 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15709 Error - 22.06.2013 14:46:57 | Computer Name = Daniel-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15709 Error - 22.06.2013 16:10:17 | Computer Name = Daniel-THINK | Source = WinMgmt | ID = 10 Description = [ Lenovo-Lenovo Patch Utility/Admin Events ] Error - 27.05.2013 03:57:56 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = no manifest found on server in auto mode return code:17 Error - 28.05.2013 02:07:48 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. Error - 28.05.2013 02:07:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 1 Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpuupdates/x64//BATTERY.MANIFEST.XML". Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 28.05.2013 02:07:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = manifest file was not found on server Error - 28.05.2013 02:07:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = no manifest found on server in auto mode return code:17 Error - 28.05.2013 11:57:51 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. Error - 28.05.2013 11:57:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 1 Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpuupdates/x64//BATTERY.MANIFEST.XML". Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 28.05.2013 11:57:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = manifest file was not found on server Error - 28.05.2013 11:57:57 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = no manifest found on server in auto mode return code:17 Error - 30.05.2013 03:00:26 | Computer Name = Daniel-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. [ System Events ] Error - 22.06.2013 02:50:40 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 22.06.2013 07:22:42 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde mit folgendem Fehler beendet: %%-2147196306 Error - 22.06.2013 07:22:47 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht. Error - 22.06.2013 07:24:57 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 22.06.2013 07:24:57 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 22.06.2013 08:39:43 | Computer Name = Daniel-THINK | Source = DCOM | ID = 10010 Description = Error - 22.06.2013 14:28:11 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 22.06.2013 14:28:11 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 22.06.2013 16:12:39 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 22.06.2013 16:12:39 | Computer Name = Daniel-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > Gmer: GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-23 10:32:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.MC10 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\kwloapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000006e951b41 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000006e951be8 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000006e951c20 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000006e951cd2 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2124] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000006e951cf2 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000746411a8 2 bytes [64, 74] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000746413a8 2 bytes [64, 74] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000074641422 2 bytes [64, 74] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000074641498 2 bytes [64, 74] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 000000006e951b41 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 000000006e951be8 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 000000006e951c20 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 000000006e951cd2 2 bytes [95, 6E] .text C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe[2032] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 000000006e951cf2 2 bytes [95, 6E] .text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[2476] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3716] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3716] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a41465 2 bytes [A4, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a414bb 2 bytes [A4, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43f55b03 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43f55b03 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
Hi, Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
|
Hey, danke für die Antwort! Hier die Daten, die du brauchst... LG, Daniel FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2013 |
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
|
Hallo , hier die Infos von Combo Fix... LG, Daniel Code: ComboFix 13-06-22.01 - Daniel 24.06.2013 8:56.1.4 - x64 |
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Log bitte. |
Danke für die Unterstützung bis hierher... Hier die Daten: Code: # AdwCleaner v2.303 - Datei am 24/06/2013 um 12:28:03 erstelltCode: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 |
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST Log. Noch Probleme? |
Hallo, der Laptop läuft im Großen und Ganzen leider immer noch langsam... Es gibt aber auch kurze Phasen wo er normal läuft?! Hier die Daten: Code: ESETSmartInstaller@High as downloader log:Code: UNSUPPORTED OPERATING SYSTEM! ABORTED!FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 |
Definier mal wann er langsam ist. |
Hey, immer dann wenn ich z.B. ein Fenster öffne/schließe (Explorer, vor allem Firefox, Thunderbird), Ordner öffne und manchmal auch wenn ich etwas schreibe... Also dann wenn der Rechner arbeiten muss. LG, Daniel |
Öffne mal den Taskmanager, was zu sehen was in den Momenten ausschlägt? Wenn nicht, antivirenprogramm deinstallieren, nochmal testen. |
Hallo, der Taskmanager (Prozesse aller Benutzer) sagt folgendes: - firefox.exe *32, (Benutzer), ca. 300.000 K - svhost.exe, (System), zu 180.000 K (manchmal kommt svhost.exe auch 2mal vor, dann liegt das zweite aber deutlich niedriger bei ca. 30.000 K), Hostprozesse - TeaTimer.exe *32 (Benutzer), ca. 67.000 K, System settings protector Wenn ich den Virenscanner deinistalliere und dann mir den Task Manager anschaue, sieht es genau so aus und es stockt dann immer noch beim Öffnen/Schließen usw. LG, Daniel |
Zitat:
|
Hey, ja genau meinte svchost.exe! Sind die Prozesse (und deren Leistung) okay? Wenn ja, was könnte man sonst noch machen? |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 11:55 Uhr. |
Copyright ©2000-2025, Trojaner-Board
