| |
| |||||||
Log-Analyse und Auswertung: Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.12.2011, 17:53
| #1 |
 |  Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert. Hallo, mein Name ist Bastian. Mir ist vor kurzem (Ca. 2 Wochen) das gleiche passiert, wie auch schon Giesi, Stezi und einigen anderen hier im Forum. Ich war mit FireFox (Version 8.0.1) im Internet und auf einmal passierte es: Es öffnete sich ein Fenster über den ganzen Bildschirm, dass mein Windowssystem aus Sicherheitsgründen blockiert worden sei. Den genauen Wortlaut habe ich nicht mehr im Kopf, sorry. Ich habe da nicht direkt reagiert, das komische war nur, dass meine Benutzeroberfläche verschwunden war und ich den Taskmanager nicht mehr öffnen konnte. Unter zur Hilfenahme von Google und den dort gefundenen Suchergebnissen konnte ich den Taskmanager in der Registry wieder einschalten. Als Antivirenprogramm habe ich von Avira die "Premium Security Suite". Den habe ich schon durchlaufen lassen und es gab folgenden Report: Code:
ATTFilter
Premium Security Suite
Erstellungsdatum der Reportdatei: Freitag, 16. Dezember 2011 14:51
Es wird nach 3567211 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Axel ****
Seriennummer : 2212677838-ISECE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : BASTIAN-W500
Versionsinformationen:
BUILD.DAT : 10.2.0.672 43195 Bytes 28.09.2011 13:10:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 09.07.2011 13:58:47
AVSCAN.DLL : 10.0.5.0 57192 Bytes 09.07.2011 13:58:47
LUKE.DLL : 10.3.0.5 45416 Bytes 09.07.2011 13:58:48
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 09.07.2011 13:58:49
AVREG.DLL : 10.3.0.9 88833 Bytes 29.07.2011 05:17:04
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 16:13:22
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 16:13:22
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 06:15:33
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:55:54
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 13:58:45
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 21:04:38
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 07:25:20
VBASE008.VDF : 7.11.18.32 2132992 Bytes 24.11.2011 14:58:40
VBASE009.VDF : 7.11.18.33 2048 Bytes 24.11.2011 14:58:41
VBASE010.VDF : 7.11.18.34 2048 Bytes 24.11.2011 14:58:41
VBASE011.VDF : 7.11.18.35 2048 Bytes 24.11.2011 14:58:41
VBASE012.VDF : 7.11.18.36 2048 Bytes 24.11.2011 14:58:41
VBASE013.VDF : 7.11.18.89 204800 Bytes 28.11.2011 19:39:25
VBASE014.VDF : 7.11.18.145 143872 Bytes 01.12.2011 19:38:48
VBASE015.VDF : 7.11.18.180 173056 Bytes 02.12.2011 19:38:49
VBASE016.VDF : 7.11.18.208 164864 Bytes 05.12.2011 20:28:17
VBASE017.VDF : 7.11.18.239 177152 Bytes 06.12.2011 19:38:47
VBASE018.VDF : 7.11.19.36 171520 Bytes 09.12.2011 20:24:45
VBASE019.VDF : 7.11.19.77 144896 Bytes 13.12.2011 23:39:19
VBASE020.VDF : 7.11.19.78 2048 Bytes 13.12.2011 23:39:19
VBASE021.VDF : 7.11.19.79 2048 Bytes 13.12.2011 23:39:19
VBASE022.VDF : 7.11.19.80 2048 Bytes 13.12.2011 23:39:19
VBASE023.VDF : 7.11.19.81 2048 Bytes 13.12.2011 23:39:20
VBASE024.VDF : 7.11.19.82 2048 Bytes 13.12.2011 23:39:20
VBASE025.VDF : 7.11.19.83 2048 Bytes 13.12.2011 23:39:20
VBASE026.VDF : 7.11.19.84 2048 Bytes 13.12.2011 23:39:20
VBASE027.VDF : 7.11.19.85 2048 Bytes 13.12.2011 23:39:20
VBASE028.VDF : 7.11.19.86 2048 Bytes 13.12.2011 23:39:20
VBASE029.VDF : 7.11.19.87 2048 Bytes 13.12.2011 23:39:20
VBASE030.VDF : 7.11.19.88 2048 Bytes 13.12.2011 23:39:20
VBASE031.VDF : 7.11.19.98 81920 Bytes 13.12.2011 23:39:21
Engineversion : 8.2.8.2
AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 13:57:47
AESCRIPT.DLL : 8.1.3.90 491899 Bytes 11.12.2011 20:25:08
AESCN.DLL : 8.1.7.2 127349 Bytes 01.03.2011 16:13:23
AESBX.DLL : 8.2.4.5 434549 Bytes 03.12.2011 19:39:08
AERDL.DLL : 8.1.9.15 639348 Bytes 12.09.2011 14:59:53
AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 23:39:24
AEOFFICE.DLL : 8.1.2.23 201083 Bytes 13.12.2011 23:39:22
AEHEUR.DLL : 8.1.3.6 3895670 Bytes 11.12.2011 20:25:04
AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 13:57:33
AEGEN.DLL : 8.1.5.17 405877 Bytes 11.12.2011 20:24:49
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.03.2011 16:13:23
AECORE.DLL : 8.1.24.0 196983 Bytes 25.10.2011 13:57:31
AEBB.DLL : 8.1.1.0 53618 Bytes 01.03.2011 16:13:23
AVWINLL.DLL : 10.0.0.0 19304 Bytes 13.12.2010 07:39:20
AVPREF.DLL : 10.0.3.2 44904 Bytes 09.07.2011 13:58:47
AVREP.DLL : 10.0.0.10 174120 Bytes 27.05.2011 06:15:33
AVARKT.DLL : 10.0.26.1 255336 Bytes 09.07.2011 13:58:46
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 09.07.2011 13:58:46
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 13.12.2010 07:39:20
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.33 2901352 Bytes 09.07.2011 13:58:45
RCTEXT.DLL : 10.0.63.0 98664 Bytes 09.07.2011 13:58:45
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f1d5958\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Freitag, 16. Dezember 2011 14:51
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'mscorsvw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPTLBXFX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'reader_sl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileConnect.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MCPLaunch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLG.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpfnf6r.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPOSDSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcDeskBandHlpr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mini_WMCore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MPSERV.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPLaserJetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Bastian\AppData\Local\Temp\0.44916411262764844.exe'
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD
C:\Users\Bastian\AppData\Local\Temp\0.44916411262764844.exe
[FUND] Ist das Trojanische Pferd TR/Obfuscate.QG.87
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4970e0ec.qua' verschoben!
Ende des Suchlaufs: Freitag, 16. Dezember 2011 14:51
Benötigte Zeit: 00:07 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
43 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
42 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8385
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
18.12.2011 01:06:06
mbam-log-2011-12-18 (01-06-06).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|M:\|Q:\|)
Durchsuchte Objekte: 428144
Laufzeit: 58 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{DA919340-65ED-1E11-7692-47ADA195D5E5} (Trojan.ZbotR.Gen) -> Value: {DA919340-65ED-1E11-7692-47ADA195D5E5} -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Bastian\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\0.11758478501636294.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Bastian\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\0.44916411262764844.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.
Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 18.12.2011 17:09:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bastian\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 26,61% Memory free
7,80 Gb Paging File | 4,42 Gb Available in Paging File | 56,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 175,66 Gb Total Space | 65,40 Gb Free Space | 37,23% Space Free | Partition Type: NTFS
Drive E: | 465,65 Gb Total Space | 189,44 Gb Free Space | 40,68% Space Free | Partition Type: FAT32
Drive M: | 111,49 Gb Total Space | 29,78 Gb Free Space | 26,71% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 1,83 Gb Free Space | 18,77% Space Free | Partition Type: NTFS
Computer Name: BASTIAN-W500 | User Name: Bastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{5783F2D7-9001-0407-0102-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch
"{5783F2D7-9001-0407-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch
"{5B67ABCE-A18A-4334-B728-A15665CB173E}" = Mobile Broadband drivers
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager und Intel® Turbo Memory
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{B1BD0923-7351-EBCE-B478-33B2DCE45AC2}" = ATI Catalyst Install Manager
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F7E3FCA4-30BC-11DD-1510-90DA60EC0410}" = ccc-utility64
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13)
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55)
"1FBDB507F002A372EB195A0ACF6E2A2F9D34689E" = Windows-Treiberpaket - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05)
"5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863" = Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"ATI Uninstaller" = ATI Uninstaller
"AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch
"AutoCAD 2011 - Deutsch Version 2.1" = AutoCAD 2011 - Deutsch Version 2.1
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"D50474ACAF488895A3CE5D30373288EA6AD46EAA" = Windows-Treiberpaket - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05)
"E59560E2F5B162D40255FCD327ACA5E989D995D2" = Windows-Treiberpaket - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"HECI" = Intel(R) Management Engine Interface
"LENOVO.SMIIF" = Lenovo System Interface Driver
"MESOL" = Intel® Active-Management-Technologie
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C6F231-1B18-C448-323A-56D1A0DB9C46}" = Catalyst Control Center Graphics Full New
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{17FB7811-87DD-53C4-3A56-7F7F37DCD802}" = Catalyst Control Center Graphics Previews Vista
"{192359F3-D455-0C89-3161-766008BD6D10}" = CCC Help French
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{446B2807-CF65-6D50-2BC8-141E235CD1CD}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C6DD158-A31F-5F0B-82A0-C28258CBB31F}" = CCC Help Japanese
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.27.500.0
"{872D8B75-1B00-E5AD-22DD-DA74CA237C7C}" = CCC Help Chinese Standard
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C7750D1-ADE6-4DAD-A54E-871EB2ABFE98}" = ThinkVantage GPS
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{45854A38-F4B0-4434-BB40-A8ED6FDDEEC9}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00D1-0407-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (German)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91B7B957-0F45-4BDC-85BA-08F80D49B9BC}" = Mobile Broadband Connect
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A34D0CB7-38BC-2C6D-270E-84BF07DB7CCB}" = Catalyst Control Center Graphics Light
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B99D0112-5508-59BD-B80E-4049E907845C}" = CCC Help Chinese Traditional
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}" = HPLaserJetHelp_LearnCenter
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB5B4945-AA4C-5A32-D6EC-0365F6DC0C41}" = Catalyst Control Center Core Implementation
"{CB87D276-2F4A-453A-A2D8-D597927C59A0}" = Tabellenbuch Metall digital 6.0
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D00A26B4-CFAD-373C-8A62-4408AA382451}" = CCC Help Dutch
"{D4001570-E33E-5B45-7BB6-B0AD9E08788C}" = CCC Help German
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{D984A74E-DFB9-B6A2-C863-732A551F8FB2}" = Catalyst Control Center Localization All
"{DAA3DC12-2A82-0866-B3E1-8BCFF6EC5715}" = CCC Help Korean
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1EA855E-9187-4AFB-E7A9-FE655B48386B}" = CCC Help English
"{E276D6EE-9FB5-8456-633A-603893C8F539}" = CCC Help Portuguese
"{E2773E0C-BD2A-D110-F209-0C3E1118009E}" = CCC Help Spanish
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1B03D1F-29B4-86D7-DCF5-8C2DCE13B05E}" = CCC Help Italian
"{F65525AB-4B63-AC34-BE4A-08CA24FC1414}" = Catalyst Control Center Graphics Full Existing
"{F67714D1-6842-EACA-C159-D25B947FA380}" = Catalyst Control Center InstallProxy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F932659E-6B83-1BF6-C10D-5F722F33C175}" = CCC Help Swedish
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Avira AntiVir Desktop" = Avira Premium Security Suite
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 2.60
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"MegaCAD 3D 2011" = MegaCAD 3D 2011
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Miranda IM" = Miranda IM 0.9.23
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"PROHYBRIDR" = 2007 Microsoft Office system
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Turnbeutelvergesser" = Turnbeutelvergesser 6.00
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acdbmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD
2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 17.12.2011 12:00:18 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active
Error - 17.12.2011 12:00:20 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 17.12.2011 12:00:20 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active
Error - 17.12.2011 12:00:20 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active
Error - 17.12.2011 20:06:39 | Computer Name = Bastian-W500 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 17.12.2011 20:14:42 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 17.12.2011 20:14:42 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active
Error - 18.12.2011 07:26:07 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active
Error - 18.12.2011 07:37:58 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 18.12.2011 07:37:58 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active
< End of report >
Code:
ATTFilter OTL logfile created on: 18.12.2011 17:09:26 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bastian\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 26,61% Memory free 7,80 Gb Paging File | 4,42 Gb Available in Paging File | 56,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 175,66 Gb Total Space | 65,40 Gb Free Space | 37,23% Space Free | Partition Type: NTFS Drive E: | 465,65 Gb Total Space | 189,44 Gb Free Space | 40,68% Space Free | Partition Type: FAT32 Drive M: | 111,49 Gb Total Space | 29,78 Gb Free Space | 26,71% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 1,83 Gb Free Space | 18,77% Space Free | Partition Type: NTFS Computer Name: BASTIAN-W500 | User Name: Bastian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Bastian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rnr_gui.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rnr_simple.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Rescue and Recovery\br_funcs.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe () PRC - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Megatech\MProtect\MPServ.exe () PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\4f17701af9670df8a08f7c824c419166\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\a90c7ebd4a3635353ce9034ba4fa7928\Extensibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e4fa07688c640cc9b6bdeabe029c74c0\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\b2794d89b6e5b5fb0aa707004f09e2ae\Iris.Mapi.MessageStore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\bd971f2e883563b3497b259edcec6098\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\a144a5f76446196e6062cd66c8b3cad4\BusinessLayer.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\b7bd9b301dddfbb50ca13583c007636e\Microsoft.Office.Interop.Outlook.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\1b4ee5f72049eb671c422b5c83896117\Microsoft.Interop.Mapi.Impl.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\bad645e10037a53cb4a78932b6f39005\Microsoft.Interop.Mapi.PropTags.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\46c3901569bd3f591de7f07f9605bfec\BCMRes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\office\7b1c0fa0c8f737a36a504cea6ab9b2fb\office.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\81bb2b9c79f79095455c1594c10adfaf\Microsoft.Interop.eCRM.Ole.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\17b4308b0e6d35c1230135ed25fffbfe\stdole.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\0ab3f1e3838ae7cecbc5258398a4d296\Microsoft.Interop.Mapi.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\1e8700cbe08335775d2270c1af3d1acd\BCMCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll () MOD - C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll () MOD - C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll () MOD - C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll () MOD - C:\Program Files (x86)\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\COLLEA~1.DLL () MOD - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\de-DE\BCMRes.resources.dll () MOD - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\de-DE\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.resources.dll () MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\UMOUTL~1.DLL () ========== Win32 Services (SafeList) ========== SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe () SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe () SRV:64bit: - (ATService) -- C:\Windows\SysNative\ATService.exe (AuthenTec, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (WMCoreService) -- C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe () SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (Megatech-Software-Protection) -- C:\Megatech\MProtect\MPServ.exe () SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH) DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS () DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (e36wgps) -- C:\Windows\SysNative\drivers\e36wgps64.sys (Ericsson AB) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (5U875UVC) -- C:\Windows\SysNative\drivers\5U875.sys (Ricoh co.,Ltd.) DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV:64bit: - (iaNvStor) Intel(R) -- C:\Windows\SysNative\drivers\iaNvStor.sys (Intel Corporation) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (e36gmgmt) F3607gw Mobile Broadband Device Management Drivers (Win7) -- C:\Windows\SysNative\drivers\e36gmgmt.sys (MCCI Corporation) DRV:64bit: - (e36gmdm) F3607gw Mobile Broadband Data Modem Driver (Win7) -- C:\Windows\SysNative\drivers\e36gmdm.sys (MCCI Corporation) DRV:64bit: - (e36gbus) F3607gw Mobile Broadband Device driver (Win7) -- C:\Windows\SysNative\drivers\e36gbus.sys (MCCI Corporation) DRV:64bit: - (e36gmdfl) F3607gw Mobile Broadband Data Modem Filter (Win7) -- C:\Windows\SysNative\drivers\e36gmdfl.sys (MCCI Corporation) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.) DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo) DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.) DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech ) DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant) DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH) DRV - (PCDSRVC{127174DC-C366ED8B-06020200}_0) -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp:// IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.26 00:10:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.30 11:12:35 | 000,000,000 | ---D | M] [2011.06.10 07:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions [2011.06.10 07:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.26 00:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\4u1ipfn5.default\extensions [2011.05.26 22:20:11 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\4u1ipfn5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.11.26 00:10:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\4u1ipfn5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.26 00:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.26 00:10:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.25 22:19:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.26 00:10:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe () O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec) O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IaNvSrv] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.22.1.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E99ED48-3FEE-4731-A0FD-005AF0202FD7}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36D9559D-9053-491A-87A3-4C2C61109938}: DhcpNameServer = 172.22.1.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2BC3353-8F8C-4A0C-82FF-403037C0D436}: NameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.09 22:35:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - Unable to obtain root file information for disk E:\ O32 - Unable to obtain root file information for disk Q:\ O33 - MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\Shell - "" = AutoRun O33 - MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\Shell - "" = AutoRun O33 - MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\Shell - "" = AutoRun O33 - MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.18 17:05:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2011.12.18 14:36:51 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.12.18 13:15:27 | 000,000,000 | -H-D | C] -- C:\A [2011.12.17 17:07:35 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Roaming\Malwarebytes [2011.12.17 17:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.17 17:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.17 17:07:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.17 17:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.17 14:51:39 | 000,000,000 | ---D | C] -- C:\83a370baaa6d703eb4bf237a [2011.12.14 17:31:05 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.12.14 17:31:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.14 17:31:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.14 17:31:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.14 17:31:04 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.14 17:31:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.14 17:31:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.14 01:06:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.14 01:00:40 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.14 01:00:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.12 23:33:52 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2011.12.12 23:33:40 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2011.12.12 23:33:40 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2011.12.12 23:33:35 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2011.12.12 23:33:35 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2011.12.12 23:33:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2011.12.12 23:33:34 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2011.12.12 23:33:34 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2011.12.12 23:33:33 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2011.12.12 23:33:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2011.12.12 23:33:21 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.12.12 23:33:21 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.12.12 23:33:21 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.12.12 23:33:21 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.12.12 23:33:21 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.12.12 23:33:21 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.12.12 23:33:21 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.12.12 23:33:21 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2011.12.12 23:33:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.12.12 23:33:21 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.12.12 23:33:21 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2011.12.12 23:33:21 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.12.12 23:33:21 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.12.10 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011.12.10 00:24:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.12.07 19:07:49 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Desktop\FW-Kirberg_Fahrsicherheitstraining_2011-12-04 [2011.12.01 23:50:57 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.12.01 23:49:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.11.19 12:49:29 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Local\HP [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.18 17:12:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011.12.18 17:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2011.12.18 14:51:05 | 000,001,220 | ---- | M] () -- C:\SISTodo [2011.12.18 14:51:05 | 000,000,012 | ---- | M] () -- C:\SISHashTodo [2011.12.18 14:36:51 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.12.18 13:08:04 | 001,619,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.18 13:08:04 | 000,700,836 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.18 13:08:04 | 000,653,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.18 13:08:04 | 000,149,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.18 13:08:04 | 000,121,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.18 13:00:03 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011.12.18 12:55:11 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.18 12:55:11 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.18 12:26:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.18 01:14:18 | 3139,444,736 | -HS- | M] () -- C:\hiberfil.sys [2011.12.16 15:18:18 | 000,531,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.01 23:50:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.27 20:37:43 | 631,708,940 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.18 14:51:05 | 000,001,220 | ---- | C] () -- C:\SISTodo [2011.12.18 14:51:05 | 000,000,012 | ---- | C] () -- C:\SISHashTodo [2011.07.09 15:04:06 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011.06.18 05:51:39 | 000,646,848 | ---- | C] () -- C:\Users\Bastian\AppData\Local\wanancsp.dat [2011.05.26 23:09:33 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\MPDLL.DLL [2011.05.26 23:09:32 | 000,000,075 | ---- | C] () -- C:\Windows\megapfad.ini [2011.03.08 23:19:51 | 000,004,096 | -H-- | C] () -- C:\Users\Bastian\AppData\Local\keyfile3.drm [2011.01.19 21:02:29 | 000,000,017 | ---- | C] () -- C:\Users\Bastian\AppData\Local\resmon.resmoncfg [2010.09.01 15:33:39 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.01 14:56:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.01 14:55:45 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010.09.01 14:55:45 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2010.09.01 14:55:45 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010.09.01 14:55:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010.09.01 14:55:44 | 000,000,542 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.06.04 14:51:10 | 000,000,542 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 < End of report > |
| Themen zu Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert. |
| 64-bit, 7-zip, achtung!, aus sicherheitsgründen wurde ihr windowssystem blockiert, autorun, avira, backdoor.agent, bho, bildschirm, blockiert, c:\windows\system32\rundll32.exe, chdrt64.sys, desktop, device driver, error, excel, fehler, festplatte, firefox, flash player, google, home, igdpmd64.sys, install.exe, internet, lenovo, logfile, microsoft office 2003, microsoft office word, mozilla, nicht gefunden, nicht mehr öffnen, nt.dll, office 2007, plug-in, problem, programm, pwmtr64v.dll, registry, saving, security, server, software, taskmanager, trojan.zbotr.gen, version=1.0, vodafone, webcheck, wurde ihr |
Baum-Darstellung