Log analysis and evaluation: Computer crashes regularly and runs far too slowly; logfile attached
26.01.2011, 19:06 | #1 |
| Computer crashes regularly and runs far too slowly; logfile attached
As described in the title, I'm having some problems with my computer right now. I would be very grateful for help, as I don't know my way around this very well myself. Many thanks in advance, Arne

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:01:35, on 26.01.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Users\al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\al\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S5C07.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

-- End of file - 13528 bytes
26.01.2011, 20:42 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer crashes regularly and runs far too slowly; logfile attached
Hello and
Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
Then OTL: System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
26.01.2011, 23:01 | #3 |
| Computer crashes regularly and runs far too slowly; logfile attached
Attached are the logfiles. I also have older Malwarebytes logfiles, but only ever quick scans, and never with any infected files detected.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5610
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.01.2011 22:45:27
mbam-log-2011-01-26 (22-45-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 350883
Laufzeit: 1 Stunde(n), 46 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\pdfforge toolbar\searchsettingsres409.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\pdfforge toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\Users\al\documents\corel draw x5 with keygen\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

and OTL:
OTL Logfile:
Code:
OTL Extras logfile created on: 26.01.2011 22:51:46 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\al\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 29,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,65 Gb Total Space | 33,92 Gb Free Space | 15,30% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 3,63 Gb Free Space | 37,12% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,51 Gb Free Space | 34,54% Space Free | Partition Type: NTFS

Computer Name: AL-PC | User Name: al | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\al\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{367D69D5-574D-4937-A9AC-C4E633E44781}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5D78A966-018D-4684-94B1-767861C78FDC}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{6A4886ED-F5DC-482A-89AE-FD8AEFE52CE6}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{6C030E8B-408F-4098-B277-3DF504152A4A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{DD730A83-D7B3-4CE2-9552-FC89269B0F00}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001EBB61-7D93-4B8B-AE43-E79C3EC66B1F}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{03055C9A-7A3F-4A6C-94FC-FE31FC240595}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{158075AF-E6DA-4DE7-89A8-75B6CFFDDA49}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{2A711030-C5C2-4E99-A918-C3C9E030BBA0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2B91A6E7-2731-48D3-A4D8-A07BB86F9A47}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"{3E0A3564-E8A9-4D8F-A111-CFE2209D5172}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{415268FA-C105-473F-885E-E88BA7E3BD83}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4EB5CB08-2BA7-4087-AADF-BFD2C1C2E403}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{55F625E1-F212-42A4-90A1-394DFB1B228E}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{639D9AE0-235C-4C91-B424-224AC3ABB0D6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{7B5B2793-4DA1-46BA-A329-347B011A7C1C}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{81328BD2-D1C8-42C3-8F10-7E697802EA96}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8FA81627-A3AD-41B1-A581-778F471C2DB6}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{9322619E-A5FE-479A-B6F8-4BA0F9277EFF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{9747C973-0110-45A2-9226-E0712EAFFC91}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{9D0991C3-E071-4F74-B976-FB42E6BF353B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AB00FFFA-8D91-4EEE-9C48-CB5E134E72DF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B1226355-F468-401F-87ED-954B44B594CC}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B6863B8A-DA2D-4BEF-A9DC-A2B62C147C3A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C847F6BE-3E6C-4A7F-B903-1EF4F6FB8CB7}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{C8FC8704-3EB9-4E20-A3DC-19DFA81D41AD}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{D5577D59-4029-4F6F-91BC-BBB0EF683D4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D85A26EA-FB5E-4E15-8158-673F6952534C}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{E30DDCF2-BA80-49ED-8135-FABB1EB59839}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{E3FDCF6C-D18E-4DA0-8877-9040331D5183}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FE739B55-2246-4F97-845C-EB641F46177D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FEEEC11B-818B-4824-BA6A-24FE39B29C02}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{1C769DB0-3BAB-4464-9264-0D9FA47516A7}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{24854D71-CE78-4298-8D97-0EC138C70D32}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{2A09B9D1-C88D-4BCF-9B1F-81EBC4EFC43F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{37D52B92-BB19-43CB-9854-F3B636754F37}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5F214A4B-F8DE-42F2-843A-300BAA679A39}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{68F10FAD-D3DB-4DAC-A551-5D13CDA7ECD1}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{85E5849C-B4BE-418F-BD52-47FBF756FBA9}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{91C5AE6F-A1B7-4315-A49B-CA6AAD44E689}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{A7EDD122-6C03-4536-B490-50D0CED21664}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C30CFB72-E8F2-4186-BA92-F1A4F7508F84}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{C31E8221-48EB-4C1F-9EFC-EEA14AC71EDA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C503BBEC-FC0C-457B-A472-BA407DDA550F}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{C5DDF32F-D2EE-4479-B4CC-E87449169456}C:\users\al\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\al\downloads\starcraft_2_eu_de-de.exe |
"UDP Query User{00BC75F9-28FD-431B-988E-67DB178C653B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0C0D1E3C-0E8D-458F-98C0-0F36CBFAC323}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{0F499181-BFA5-4CA0-BC83-1B53FA102765}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{394D999A-1041-4227-B125-B43F9293348D}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{4C088AF4-DAF4-4656-9855-68A2166A1D93}C:\users\al\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\al\downloads\starcraft_2_eu_de-de.exe |
"UDP Query User{5D093671-6695-4DBE-A4F1-1D40FC1BBE64}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{74FDA0EE-188B-4E25-8837-C86BAE9225EA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7A3F3378-E017-41A9-BB1E-99ADE81BD845}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{8515B17D-EB7F-4E9B-9F6B-D5A8C14BA8B4}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{9A3327D0-7A9B-4EA0-826E-4BA517DCC011}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BDA38D86-6916-47C3-A206-8B50F2DC7EFE}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{C3244345-B05C-4B47-A31E-3AD13EF17A28}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{EF4F16D8-A51A-4E16-B743-B72C36921B76}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052E244C-3674-8907-D9C3-092C89521B94}" = Catalyst Control Center Localization Korean
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{09A84D86-C709-4825-9548-ACF4838D478D}" = Intel(R) PROSet/Wireless WiFi Software
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10F90FAD-6627-7113-86AE-C243C74F0DEF}" = CCC Help German
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1433371A-F983-9562-3947-92420A72849D}" = Catalyst Control Center Graphics Previews Vista
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22266E88-29AF-8D27-F85F-DD75D76E4AE2}" = Catalyst Control Center Localization German
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23146B80-2B64-023D-0696-A753E5C45FB4}" = Catalyst Control Center Graphics Full Existing
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{340A2AD6-0679-46DA-9180-DABBD5B36FD1}" = BitDefender Antivirus Pro 2011
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3752F72E-A481-41C7-256B-C20D7BFBE3BC}" = CCC Help English
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D717E8B-7AF0-4FDF-87FA-6C5797A1B995}" = Roxio Creator Business Edition
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{433894BE-54BF-CC72-2147-14EA837ADC87}" = CCC Help Portuguese
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52F58309-1687-0C82-699A-27D9029B9429}" = CCC Help Spanish
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F64E152-51C1-47B4-BEA8-007D73C7460F}" = Cisco AnyConnect VPN Client
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6ADC5DFC-24AA-D4E1-478A-5CD6337F8051}" = Catalyst Control Center Localization Italian
"{6B00B854-F04B-5C6A-63C5-21B9EF8CE3CF}" = CCC Help French
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Lenovo Central Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{771C80E2-7A02-D773-96C3-155F217CD02A}" = CCC Help Japanese "{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7B647582-EE62-8275-9D76-15692741C585}" = Catalyst Control Center Localization Chinese Traditional "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery "{821456F8-EB18-41A8-DED5-695096B7D9D6}" = Catalyst Control Center Localization Chinese Standard "{8220C00D-CBA1-AB41-1A66-7B99FAEF65F9}" = ATI Catalyst Install Manager "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ACB5112-A58B-7283-B771-6271A0D9471D}" = Catalyst Control Center Core Implementation "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8EBBED54-C2D0-928A-7CA9-D28FAD39C4B6}" = CCC Help Korean "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI 
(English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{94B1AD86-8764-8853-F4BB-7F92D5E94AA3}" = Catalyst Control Center Graphics Full New "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97BBF90F-A852-4AA0-872B-42D13AA22D94}" = Mobile Broadband Connect "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - 
FontNav "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B14495A-E66F-3D68-3B03-D40A6862D6D7}" = ccc-utility "{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7EE37A9-367B-651F-9F4A-0BDE35D7417F}" = CCC Help Chinese Standard "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{ABC6E084-55EA-5860-4654-B21FFE886B1B}" = PX Profile Update "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AE2832A3-8108-F2BF-7086-BE66D29106E7}" = Catalyst Control Center Graphics Light "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA0B7C1F-5315-50C4-1EE9-FFA688A28C74}" = Catalyst Control Center Localization Spanish "{BAAC402D-86A7-3918-4A24-7C8E83AE1756}" = CCC Help Swedish "{BBDD2E21-F74F-FE49-956D-13FB1999DC28}" = CCC Help Italian "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = 
Microsoft Sync Framework Services Native v1.0 (x86) "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{BF1ECD50-5A11-B18B-4AA0-20E41E7C20F7}" = Catalyst Control Center Localization Japanese "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{C710E77E-6AC2-608B-214C-CEF6B9CDBA6E}" = Catalyst Control Center InstallProxy "{C945C17F-2E78-4511-ABB6-EF637D2EE8FB}" = Skins "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CCCF9048-DAFD-F1F5-B860-9B5C32FBD2D6}" = Catalyst Control Center Localization Portuguese "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D22E6706-136E-4810-AF2E-359AE30A7323}" = ThinkVantage Status Gadget "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{E2ACDD92-7A9F-FCE8-2452-8A660792038E}" = CCC Help Chinese Traditional "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{E4CB66D5-C29E-9612-5E32-6807E91A82CD}" = Catalyst Control Center Localization Swedish "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant 
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{EA5AB32C-970E-D7C4-C896-1C927FB3E384}" = Catalyst Control Center Localization Dutch "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9230D65-8EED-B6DD-F9FB-8AEFDE06579C}" = Catalyst Control Center Localization French "{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility "{FAA034EC-DB6A-A753-5DCE-DD7D75EDEA8E}" = ccc-core-static "{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF878914-1DDC-44E2-92F6-69DE291DDCA7}" = CCC Help Dutch "0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001) "1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05) "1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11) "25A4FC9EFE7A8860FCF6F86FFABDD9334A2619E3" = Windows Driver Package - Intel (e1yexpress) Net (08/22/2008 9.52.10.1001) "3EB6CB625B5778835F0A66A7529E69050E0EE033" = Windows Driver Package - Lenovo 1.53 (03/19/2009 1.53) "432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002) "464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011) "513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007) 
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001) "778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "ATI Uninstaller" = ATI Uninstaller "AviSynth" = AviSynth 2.5 "BitDefender" = BitDefender Antivirus Pro 2011 "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Combat Arms EU" = Combat Arms EU "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2 "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) "EADM" = EA Download Manager "Easy-Shutdown" = Easy-Shutdown 1.3 "EC1E678D1EFB79A1D02C312390944027C715CD5C" = Windows Driver Package - Intel (iaStor) hdc (02/11/2009 8.8.0.1009) "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "HECI" = Intel(R) Management Engine Interface "ICQToolbar" = ICQ Toolbar "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "Lenovo Registration" = Lenovo Registration "Lenovo Welcome_is1" = Lenovo Welcome "LENOVO.SMIIF" = Lenovo System Interface Driver 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MESOL" = Intel® Active Management Technology "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "OnScreenDisplay" = On Screen Display "PC-Doctor for Windows" = Lenovo System Toolbox "Power Management Driver" = ThinkPad Power Management Driver "PROHYBRIDR" = 2007 Microsoft Office system "ProInst" = Intel PROSet Wireless "PROR" = Microsoft Office Professional 2007 "StarCraft II" = StarCraft II "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement "Videora iPod Converter" = Videora iPod Converter 5.04 "VLC media player" = VLC media player 1.0.2 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "XMind" = XMind "YouTube Downloader App" = YouTube Downloader App 2.03 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.01.2011 09:47:24 | Computer Name = al-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 187154 Error - 26.01.2011 09:49:51 | Computer Name = al-PC | Source = WinMgmt | ID = 10 Description = Error - 26.01.2011 11:32:16 | Computer Name = al-PC | Source = EventSystem | ID = 4621 Description = Error - 26.01.2011 11:47:37 | Computer Name = al-PC | Source = WinMgmt | ID = 10 Description = Error - 26.01.2011 13:44:11 | Computer Name = al-PC | Source = EventSystem | ID = 4609 Description = Error - 26.01.2011 13:45:03 | Computer Name = al-PC | Source = WinMgmt | ID = 10 Description = Error - 
26.01.2011 13:50:50 | Computer Name = al-PC | Source = WinMgmt | ID = 10 Description = Error - 26.01.2011 15:01:59 | Computer Name = al-PC | Source = WinMgmt | ID = 10 Description = Error - 26.01.2011 15:17:46 | Computer Name = al-PC | Source = Microsoft Office 12 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Outlook. Error - 26.01.2011 17:49:11 | Computer Name = al-PC | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect VPN Client Events ] Error - 25.01.2011 16:00:28 | Computer Name = al-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 25.01.2011 16:02:03 | Computer Name = al-PC | Source = vpnagent | ID = 50331649 Description = Function: CVCMSSaxParser Return code: 0xC00CE225 File: .\xml\MSSaxErrorHandlerImpl.cpp Line: 31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed. Error - 26.01.2011 06:20:07 | Computer Name = al-PC | Source = vpnagent | ID = 50331649 Description = Function: CVCMSSaxParser Return code: 0xC00CE225 File: .\xml\MSSaxErrorHandlerImpl.cpp Line: 31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed. Error - 26.01.2011 09:49:31 | Computer Name = al-PC | Source = vpnagent | ID = 50331649 Description = Function: CVCMSSaxParser Return code: 0xC00CE225 File: .\xml\MSSaxErrorHandlerImpl.cpp Line: 31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed. Error - 26.01.2011 11:47:20 | Computer Name = al-PC | Source = vpnagent | ID = 50331649 Description = Function: CVCMSSaxParser Return code: 0xC00CE225 File: .\xml\MSSaxErrorHandlerImpl.cpp Line: 31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed. 
Error - 26.01.2011 13:50:29 | Computer Name = al-PC | Source = vpnagent | ID = 50331649 Description = Function: CVCMSSaxParser Return code: 0xC00CE225 File: .\xml\MSSaxErrorHandlerImpl.cpp Line: 31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed. Error - 26.01.2011 15:01:41 | Computer Name = al-PC | Source = vpnagent | ID = 50331649 Description = Function: CVCMSSaxParser Return code: 0xC00CE225 File: .\xml\MSSaxErrorHandlerImpl.cpp Line: 31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed. Error - 26.01.2011 17:47:11 | Computer Name = al-PC | Source = vpnagent | ID = 50331650 Description = Termination reason code 9: Client PC is shutting down. Error - 26.01.2011 17:47:11 | Computer Name = al-PC | Source = vpnagent | ID = 50331649 Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp Line: 997 Description: fatal error, stopping service Error - 26.01.2011 17:48:44 | Computer Name = al-PC | Source = vpnagent | ID = 50331649 Description = Function: CVCMSSaxParser Return code: 0xC00CE225 File: .\xml\MSSaxErrorHandlerImpl.cpp Line: 31 Description: WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed. [ Lenovo-Message Center Plus/Admin Events ] Error - 25.10.2009 10:13:18 | Computer Name = al-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4 Description = The file size of the downloaded file /TOC.cab is not the same as the file size of the file on the server Error - 25.10.2009 10:13:18 | Computer Name = al-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4 Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\wrapper.py does not have a Lenovo Digital Signature. 
The file will be deleted Error - 21.01.2011 21:44:20 | Computer Name = al-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Unable to retrieve machine model -> Exception message: Provider load failure Error - 21.01.2011 21:44:20 | Computer Name = al-PC | Source = Lenovo-Message Center Plus/Admin | ID = 4 Description = Retrieved null machine type model Error - 21.01.2011 21:45:18 | Computer Name = al-PC | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Unable to retrieve machine model -> Exception message: [ System Events ] Error - 26.01.2011 15:01:32 | Computer Name = al-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 19:59:28 on 26.01.2011 was unexpected. Error - 26.01.2011 15:01:59 | Computer Name = al-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.01.2011 15:01:59 | Computer Name = al-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.01.2011 15:01:59 | Computer Name = al-PC | Source = Service Control Manager | ID = 7023 Description = Error - 26.01.2011 15:01:59 | Computer Name = al-PC | Source = Service Control Manager | ID = 7026 Description = Error - 26.01.2011 17:46:57 | Computer Name = al-PC | Source = DCOM | ID = 10010 Description = Error - 26.01.2011 17:49:11 | Computer Name = al-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.01.2011 17:49:11 | Computer Name = al-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.01.2011 17:49:11 | Computer Name = al-PC | Source = Service Control Manager | ID = 7023 Description = Error - 26.01.2011 17:49:11 | Computer Name = al-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > OTL Logfile: Code:
OTL logfile created on: 26.01.2011 22:51:46 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\al\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 29,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,65 Gb Total Space | 33,92 Gb Free Space | 15,30% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 3,63 Gb Free Space | 37,12% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,51 Gb Free Space | 34,54% Space Free | Partition Type: NTFS
Computer Name: AL-PC | User Name: al | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\al\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Users\al\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft) PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe () PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo) PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo) PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo) PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation) PRC - C:\Program 
Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Windows\System32\TpShocks.exe (Lenovo.) PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Windows\System32\TPHDEXLG.exe (Lenovo.) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) ========== Modules (SafeList) ========== MOD - C:\Users\al\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00074_002\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA) MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00074_002\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA) MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00074_002\plugin_nt.m32 (BitDefender S.R.L. 
Bucharest, ROMANIA) MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00074_002\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA) MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00074_002\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA) MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00074_002\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA) MOD - C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00074_002\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Updatesrv) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe (BitDefender S.R.L.) SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe (BitDefender S.R.L.) SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll () SRV - (Update Server) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) 
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe () SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo) SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo) SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.) 
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (TVT_UpdateMonitor) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (bdselfpr) -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys (BitDefender LLC) DRV - (Trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.) DRV - (Bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC) DRV - (bdfsfltr) -- C:\Windows\system32\DRIVERS\bdfsfltr.sys (BitDefender) DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender) DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender) DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (tvtfilter) -- C:\Windows\System32\drivers\tvtfilter.sys (Lenovo) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) 
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider) DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (MUXP) -- C:\Windows\System32\drivers\mux.sys (Intel© Corporation) DRV - (MUXMP) -- C:\Windows\System32\drivers\mux.sys (Intel© Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (tvtumon) -- C:\Windows\System32\drivers\tvtumon.sys (Lenovo) DRV - (intelkmd) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) 
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio) DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011.01.19 17:57:47 | 000,000,000 | ---D | M] O1 HOSTS 
File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.) 
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.) O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.) O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL () O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe () O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) 
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\al\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\al\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.06.02 23:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{1f2d3753-8599-11de-99e1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1f2d3753-8599-11de-99e1-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008.07.21 17:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{4443a7d9-7884-11df-9702-00216a59994b}\Shell\AutoRun\command - "" = bbjl2g.exe O33 - MountPoints2\{4443a7d9-7884-11df-9702-00216a59994b}\Shell\open\Command - "" = bbjl2g.exe O33 - MountPoints2\{51653459-8592-11de-918a-00247e6e40e2}\Shell - "" = AutoRun O33 - MountPoints2\{51653459-8592-11de-918a-00247e6e40e2}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008.07.29 23:37:58 | 000,180,224 | -HS- | M] () O33 - MountPoints2\{a0cd3604-ea55-11de-ab3f-00216a59994b}\Shell - "" = AutoRun O33 - MountPoints2\{a0cd3604-ea55-11de-ab3f-00216a59994b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{a7c1fa13-f795-11de-8f13-00216a59994a}\Shell - "" = AutoRun O33 - MountPoints2\{a7c1fa13-f795-11de-8f13-00216a59994a}\Shell\AutoRun\command - "" = F:\JackLaunch.exe O33 - 
MountPoints2\{b5be4edf-11ca-11e0-9bb0-00216a59994a}\Shell\AutoRun\command - "" = D:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.26 20:56:09 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\al\Desktop\OTL.exe [2011.01.26 18:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\HJT [2011.01.26 18:58:20 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.01.25 14:52:43 | 000,000,000 | ---D | C] -- C:\Users\al\Desktop\präsis [2011.01.19 17:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDefender 2011 [2011.01.19 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\BitDefender [2011.01.19 17:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender [2011.01.19 16:45:32 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\QuickScan [2011.01.19 16:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender [2011.01.19 16:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender [2011.01.19 16:41:38 | 000,308,152 | ---- | C] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\trufos.sys [2011.01.19 16:41:21 | 000,327,368 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdfsfltr.sys [2011.01.19 01:32:30 | 000,000,000 | ---D | C] -- C:\Users\al\AppData\Roaming\Malwarebytes [2011.01.19 01:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.19 01:30:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.19 01:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.19 01:29:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.19 01:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.01.19 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\al\Documents\Chu Desktop [2011.01.14 00:39:14 | 000,000,000 | ---D | C] -- C:\Users\al\Documents\My Palettes [2011.01.12 11:16:56 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 11:16:55 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.01.04 16:24:09 | 000,000,000 | ---D | C] -- C:\Users\al\Desktop\LeagueOfLegends.EU.12_20_2010 [2009.08.10 11:47:24 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2009.08.10 11:47:24 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2011.01.26 22:48:45 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.26 22:48:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.26 22:48:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.26 22:48:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.26 22:48:32 | 
2642,440,192 | -HS- | M] () -- C:\hiberfil.sys [2011.01.26 22:47:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.01.26 22:04:03 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.26 22:02:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769887172-4083246247-2960312149-1003UA.job [2011.01.26 20:56:10 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\al\Desktop\OTL.exe [2011.01.26 19:00:15 | 000,002,599 | ---- | M] () -- C:\Users\al\Desktop\HiJackThis.lnk [2011.01.26 12:41:35 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.26 12:41:35 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.25 13:07:00 | 000,131,968 | ---- | M] () -- C:\Users\al\Documents\Tiger Airways Booking Confirmation - C2TILS.PDF [2011.01.25 13:02:07 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-769887172-4083246247-2960312149-1003Core.job [2011.01.24 12:09:54 | 011,938,082 | ---- | M] () -- C:\Users\al\Desktop\vladi.pdf [2011.01.22 03:30:27 | 000,048,414 | ---- | M] () -- C:\Users\al\Desktop\MYM.JPG [2011.01.22 01:23:21 | 000,009,804 | ---- | M] () -- C:\Users\al\Documents\Poker.xlsx [2011.01.19 22:10:00 | 000,019,969 | ---- | M] () -- C:\Users\al\Documents\EmiratesETicket1.PDF [2011.01.19 18:24:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\imblacklist.dat [2011.01.19 18:14:38 | 000,510,337 | ---- | M] () -- C:\ProgramData\bdinstall.bin [2011.01.19 18:08:58 | 000,308,152 | ---- | M] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\trufos.sys [2011.01.19 18:07:54 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml [2011.01.19 17:57:55 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Antivirus Pro 2011.lnk [2011.01.19 01:30:17 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.19 00:45:42 | 000,035,807 | ---- | M] () -- C:\Users\al\Documents\Welcome to Skywards.docx [2011.01.18 23:04:27 | 000,667,373 | ---- | M] () -- C:\Users\al\Desktop\Reisepass Arne.jpg [2011.01.15 09:03:45 | 000,002,037 | ---- | M] () -- C:\Users\al\Desktop\Google Chrome.lnk [2011.01.15 09:03:45 | 000,001,999 | ---- | M] () -- C:\Users\al\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011.01.14 11:41:23 | 000,188,928 | ---- | M] () -- C:\Users\al\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.10 20:41:00 | 002,567,680 | ---- | M] () -- C:\Users\al\Documents\2010_09_Paper_Waibel_final_E.doc [2011.01.04 16:24:23 | 000,000,378 | ---- | M] () -- C:\Users\al\Desktop\Resume Download of League of Legends.url [2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll ========== Files Created - No Company Name ========== [2011.01.26 18:58:20 | 000,002,599 | ---- | C] () -- C:\Users\al\Desktop\HiJackThis.lnk [2011.01.26 18:50:16 | 2642,440,192 | -HS- | C] () -- C:\hiberfil.sys [2011.01.25 13:07:00 | 000,131,968 | ---- | C] () -- C:\Users\al\Documents\Tiger Airways Booking Confirmation - C2TILS.PDF [2011.01.24 12:11:28 | 011,938,082 | ---- | C] () -- C:\Users\al\Desktop\vladi.pdf [2011.01.21 21:56:24 | 000,048,414 | ---- | C] () -- C:\Users\al\Desktop\MYM.JPG [2011.01.21 20:33:36 | 000,009,804 | ---- | C] () -- C:\Users\al\Documents\Poker.xlsx [2011.01.19 22:10:00 | 000,019,969 | ---- | C] () -- C:\Users\al\Documents\EmiratesETicket1.PDF [2011.01.19 18:24:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imblacklist.dat 
[2011.01.19 18:07:54 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml [2011.01.19 17:57:55 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Antivirus Pro 2011.lnk [2011.01.19 16:41:13 | 000,510,337 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.01.19 01:30:17 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.19 00:45:41 | 000,035,807 | ---- | C] () -- C:\Users\al\Documents\Welcome to Skywards.docx [2011.01.18 23:04:26 | 000,667,373 | ---- | C] () -- C:\Users\al\Desktop\Reisepass Arne.jpg [2011.01.10 20:41:00 | 002,567,680 | ---- | C] () -- C:\Users\al\Documents\2010_09_Paper_Waibel_final_E.doc [2011.01.04 16:24:23 | 000,000,378 | ---- | C] () -- C:\Users\al\Desktop\Resume Download of League of Legends.url [2010.07.08 09:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe [2010.02.02 18:04:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.01.13 15:55:35 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.01.13 15:49:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini [2010.01.02 12:38:22 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.10.08 16:54:01 | 000,188,928 | ---- | C] () -- C:\Users\al\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.01 18:04:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.01 17:52:05 | 000,007,728 | ---- | C] () -- C:\Users\al\AppData\Local\d3d9caps.dat [2009.10.01 15:34:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.10 12:01:18 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL [2009.08.10 12:01:18 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini [2009.08.10 11:59:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2009.08.10 11:59:37 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2009.08.10 11:59:37 | 
000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2009.08.10 11:59:37 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2009.08.10 11:59:37 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2009.08.10 11:59:37 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2009.08.10 11:48:30 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.08.10 11:47:24 | 001,754,368 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2009.08.10 11:47:24 | 000,028,800 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2009.08.10 11:47:24 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2007.01.31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report >
Thanks again and best regards, arne |
26.01.2011, 23:10 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer crashes regularly and runs far too slowly; logfile attached
Quote:
For you, things continue here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since this dubious software quite often also contains keyloggers and backdoor functions. After that, never touch anything like that again!
__________________ Please always post logfiles in CODE tags |