| andrews0815 | 08.12.2011 21:31 |
Hallo Arne,
Ja, habe noch den mbam-Log von gestern nach den ganzen Säuberungsaktionen, der im wesentlichen nur besagt, dass alles OK sein soll, was ich wie gesagt ja bezweifle, sonst hab ich alles gelöscht (ich trau ja auch den Scannern nicht). Zudem weiss ich ja nicht, ob ein Scan im safemode genauso aussagekräftig ist, wie der im normalen Modus (er geht zumindest einiges schneller), der im normalen Modus ist mir vorgestern nacht eingeschlafen.
---------------------------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 8323
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
07.12.2011 09:57:53
mbam-log-2011-12-07 (09-57-53).txt
Scan type: Full scan (C:\|Q:\|)
Objects scanned: 389322
Time elapsed: 43 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
--------------------------------------------------------
Die OTL Logs hab ich auch, die scheinen mir mehr Infos zu haben - sorry, muss das Ding reinkopieren, die Antworten sind offensichtlich nicht attachmentfreundlich:
-----------------------------------------------------------OTL Logfile: Code:
OTL logfile created on: 12/8/2011 12:43:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxx\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
2.96 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 53.39% Memory free
2.96 Gb Paging File | 1.57 Gb Available in Paging File | 53.10% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 49.95 Gb Free Space | 22.51% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 2.06 Gb Free Space | 21.13% Space Free | Partition Type: NTFS
Computer Name: x200 | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\ACTray.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\DTS.exe ()
PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\Notes\nsd.exe (IBM)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.)
PRC - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL ()
MOD - C:\Program Files\Lenovo\Access Connections\AcWrpc.dll ()
MOD - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\hpzpi5k4.dll ()
========== Win32 Services (SafeList) ==========
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (AcSvc) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WMCoreService) -- C:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (dtsvc) -- C:\Windows\System32\DTS.exe ()
SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe ()
SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\Notes\ntmulti.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Program Files\Notes\nsd.exe (IBM)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (DozeHDD) -- C:\Windows\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (WwanUsbServ) -- C:\Windows\System32\drivers\WwanUsbMp.sys (Ericsson AB)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (l36wgps) -- C:\Windows\System32\drivers\l36wgps.sys (Ericsson AB)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Mbm3Mdm) -- C:\Windows\System32\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV - (Mbm3DevMt) Mobile Broadband Device Management Driver (WDM) -- C:\Windows\System32\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV - (Mbm3CBus) F3507g Mobile Broadband Device (WDM) -- C:\Windows\System32\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV - (Mbm3mdfl) -- C:\Windows\System32\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (ecnssndisfltr) -- C:\Windows\System32\drivers\wwanussf.sys (Ericsson AB)
DRV - (ecnssndis) -- C:\Windows\System32\drivers\wwanuss.sys (Ericsson AB)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (5U875UVC) -- C:\Windows\System32\drivers\RCUVCMNP.sys (Ricoh co.,Ltd.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo - Welcome - Country selection [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Lenovo | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 48 DA FD 94 E7 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/06 21:55:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 15:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/23 15:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/23 15:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension\1.8.0.4 [2011/12/06 19:45:39 | 000,000,000 | ---D | M]
[2010/02/08 01:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions
[2010/02/08 01:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/10/11 23:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\6ncgf6hz.default\extensions
[2011/12/07 12:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/19 09:41:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/07 12:49:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/06 21:55:33 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/12/06 19:45:39 | 000,000,000 | ---D | M] (ThinkVantage Password Manager) -- C:\PROGRAM FILES\LENOVO\CLIENT SECURITY SOLUTION\PWM FIREFOX EXTENSION\1.8.0.4
[2011/11/23 14:57:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/19 10:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 10:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/09 22:40:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/09 22:40:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/09 22:40:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/09 22:40:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/09 22:40:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/09 22:40:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.71 194.230.1.39 194.230.1.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A03A056-9AF3-4F9D-BCEB-FF27B993B519}: DhcpNameServer = 194.230.1.71 194.230.1.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4C2A533-AF28-4D39-9F54-BBEB65FA3191}: DhcpNameServer = 194.230.1.71 194.230.1.39 194.230.1.103
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{94b5ae79-12b4-11df-b4c0-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{94b5ae79-12b4-11df-b4c0-028037ec0200}\Shell\AutoRun\command - "" = D:\setup.exe /AUTORUN
O33 - MountPoints2\{94b5ae79-12b4-11df-b4c0-028037ec0200}\Shell\configure\command - "" = D:\setup.exe
O33 - MountPoints2\{94b5ae79-12b4-11df-b4c0-028037ec0200}\Shell\install\command - "" = D:\setup.exe
O33 - MountPoints2\{e4c555fa-f20d-11de-bf7f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4c555fa-f20d-11de-bf7f-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/08 00:18:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011/12/07 12:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/07 12:49:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/07 12:49:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/07 12:49:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/07 12:15:19 | 072,852,688 | ---- | C] (Microsoft Corporation) -- C:\Users\xxx\Desktop\msert.exe
[2011/12/07 12:01:47 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Trojan
[2011/12/06 23:26:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Apple Computer
[2011/12/06 20:15:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Lotus
[2011/12/06 19:43:52 | 000,032,824 | ---- | C] (Lenovo Information Product(ShenZhen China) Inc.) -- C:\Windows\System32\drivers\psadd.sys
[2011/12/06 17:55:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2011/12/06 17:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/23 23:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2011/11/23 16:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/23 15:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/23 15:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/23 15:34:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/23 15:25:45 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/11/23 15:25:45 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/11/23 15:25:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/23 15:25:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/23 15:25:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/23 15:25:27 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/23 15:25:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/23 15:25:16 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/23 15:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/20 02:03:09 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/02/03 10:32:28 | 003,550,592 | ---- | C] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\Program Files\procexp.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/08 00:29:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 00:18:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011/12/07 23:51:47 | 000,671,140 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/07 23:51:47 | 000,129,944 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/07 20:31:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/07 18:29:02 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/07 15:00:11 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/07 12:59:49 | 000,025,600 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 12:48:51 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 12:48:51 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/07 12:40:30 | 2384,547,840 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/07 12:19:26 | 072,852,688 | ---- | M] (Microsoft Corporation) -- C:\Users\xxx\Desktop\msert.exe
[2011/12/06 22:16:38 | 000,007,605 | ---- | M] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2011/12/06 21:55:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/06 19:43:52 | 000,032,824 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) -- C:\Windows\System32\drivers\psadd.sys
[2011/12/06 19:35:46 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/12/06 17:36:11 | 000,011,246 | -HS- | M] () -- C:\Users\xxx\AppData\Local\4cvn82knc6a0o1
[2011/12/06 17:36:11 | 000,011,246 | -HS- | M] () -- C:\ProgramData\4cvn82knc6a0o1
[2011/11/29 15:47:09 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/23 16:36:15 | 000,068,590 | ---- | M] () -- C:\Users\xxx\Documents\Synchronisation_Lotus_Notes_Apple_iPhone_Synthesis_Todo_Cal_Client__1.wm2
[2011/11/23 15:45:46 | 000,002,003 | ---- | M] () -- C:\Users\xxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/23 15:41:41 | 000,415,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/23 15:33:41 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/11/23 15:33:41 | 000,075,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/11/23 15:27:38 | 002,341,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/23 15:27:28 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/23 15:27:28 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/11/23 15:27:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/11/23 15:27:28 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/23 15:27:28 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/23 15:18:01 | 006,143,647 | ---- | M] () -- C:\Users\xxx\Desktop\Asanas.pdf
[2011/11/23 15:01:37 | 000,002,683 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/06 17:09:41 | 000,011,246 | -HS- | C] () -- C:\Users\xxx\AppData\Local\4cvn82knc6a0o1
[2011/12/06 17:09:41 | 000,011,246 | -HS- | C] () -- C:\ProgramData\4cvn82knc6a0o1
[2011/11/23 15:17:50 | 006,143,647 | ---- | C] () -- C:\Users\xxx\Desktop\Asanas.pdf
[2011/06/23 22:24:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/21 19:01:08 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011/04/20 11:58:57 | 000,000,665 | ---- | C] () -- C:\Windows\System32\hppapr11.dat
[2011/01/20 02:03:10 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/01/20 02:03:10 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011/01/20 02:03:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011/01/20 02:03:09 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/01/20 02:03:06 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/01/20 02:03:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/10/21 02:07:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe
[2010/10/21 02:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe
[2010/02/20 23:55:29 | 000,017,408 | ---- | C] () -- C:\Users\xxx\AppData\Local\WebpageIcons.db
[2010/02/20 00:12:21 | 000,156,766 | ---- | C] () -- C:\Users\xxx\AppData\Local\Synchronisation_Lotus_Notes_Apple_iPhone_3G_1.wm2
[2010/02/16 23:33:03 | 000,007,605 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2010/02/14 22:58:00 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2010/02/14 21:49:41 | 000,025,600 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/09 20:38:58 | 000,659,200 | ---- | C] () -- C:\Users\xxx\AppData\Local\wanancsp.dat
[2010/02/07 12:04:50 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/02/07 11:49:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/06 18:35:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/26 12:13:05 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/10/20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 08:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,415,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,671,140 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,129,944 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2011/03/27 05:24:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon
[2011/04/21 19:04:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\CachedFiles
[2011/03/27 05:02:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\calibre
[2010/02/16 23:26:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon
[2010/02/06 22:39:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
[2010/02/13 00:13:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Forte
[2010/04/25 06:08:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\HandBrake
[2010/02/05 20:57:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lenovo
[2011/05/11 17:05:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCDr
[2011/04/21 22:57:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PwrMgr
[2010/05/27 17:34:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SE_logs
[2010/02/08 01:08:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2011/05/11 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Update
[2010/02/13 02:47:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
[2010/02/13 03:32:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Wireshark
[2011/11/29 15:47:09 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/07/05 14:24:54 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/07 15:00:11 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
< End of report >
--- --- ---
-------------------------------------------
Und noch die OTR Extras - iOTL Logfile: Code:
OTL Extras logfile created on: 12/8/2011 12:43:04 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxx\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
2.96 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 53.39% Memory free
2.96 Gb Paging File | 1.57 Gb Available in Paging File | 53.10% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 49.95 Gb Free Space | 22.51% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 2.06 Gb Free Space | 21.13% Space Free | Partition Type: NTFS
Computer Name: x200 | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CFC71CB-6789-4CD9-99C0-58D490BE99AA}" = Follow MxxxrinDay - HSK Listening Practice I
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{17C4A35A-2041-42C0-8D10-DEF55B47BE56}" = Adobe Premiere Elements 8.0 Templates
"{18554B3F-46EA-40A9-B4EA-7EEE83C0559D}" = Client Security - Password Manager
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D440AF4-7330-43F0-A085-35DE1A90E703}" = Lenovo Fingerprint Software
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5C111F14-D9BE-459D-B0B6-B4D082F03749}" = Mobile Broadband Connect
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D5E4E4C-F695-45B3-8863-6B834D584CAC}" = ThinkVantage GPS
"{6DB21B2C-2BEF-44B4-B264-8EC2BC2369C6}" = ThinkVantage GPS
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.32.500.0
"{836670E9-61EB-4D47-9EF8-CFE936C3FE32}" = Lotus Notes 8.5.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE6ECFF9-FD33-48A3-B4AC-89263CC393A8}" = ImageMixer 3 SE Ver.4 Video Tools
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B83ED44B-8235-4EA8-A043-2834E28AAD8D}" = Follow MxxxrinDay - HSK Listening Practice II
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan LiDE 500F
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi-Software
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEE843A0-33C6-404C-90A4-1136F8BD38A2}" = calibre
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2010 8.6.0.29)
"112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Digital Editions" = Adobe Digital Editions
"DV CIG Guide" = CANON iMAGE GATEWAY Registration Guide
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"Google Chrome" = Google Chrome
"Handbrake" = Handbrake 0.9.4
"HECI" = Intel(R) Management Engine Interface
"InstallShield_{0CFC71CB-6789-4CD9-99C0-58D490BE99AA}" = Follow MxxxrinDay - HSK Listening Practice I
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{B83ED44B-8235-4EA8-A043-2834E28AAD8D}" = Follow MxxxrinDay - HSK Listening Practice II
"IrfanView" = IrfanView (remove only)
"Lenovo Welcome_is1" = Lenovo Welcome
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MyCamera" = Canon Utilities MyCamera
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"PremElem80" = Adobe Premiere Elements 8.0
"PremElem80Templates" = Adobe Premiere Elements 8.0 Templates
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SnagIt6" = SnagIt 6
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"VLC media player" = VLC media player 1.1.11
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
"Winfonie mobile 2" = Winfonie mobile 2.2.2.13
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.6
"Zattoo4" = Zattoo4 4.0.3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/17/2011 7:11:06 PM | Computer Name = x200 | Source = PC-Doctor | ID = 1
Description = (4776) Asapi: (01:11:06:1900)(4776) libTonopahClient.DownloadManager
- Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
failed with error: 317
Error - 9/19/2011 12:31:31 PM | Computer Name = x200 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.
Error - 9/24/2011 2:58:53 AM | Computer Name = x200 | Source = PC-Doctor | ID = 1
Description = (1872) Asapi: (08:58:53:7780)(1872) libTonopahClient.DownloadManager
- Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
failed with error: 317
Error - 9/24/2011 2:58:54 AM | Computer Name = x200 | Source = PC-Doctor | ID = 1
Description = (1872) Asapi: (08:58:54:4490)(1872) libTonopahClient.DownloadManager
- Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
failed with error: 317
Error - 9/26/2011 1:58:53 PM | Computer Name = x200 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.
Error - 10/1/2011 12:20:10 PM | Computer Name = x200 | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access
Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.
Error - 10/5/2011 7:34:25 AM | Computer Name = x200 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)
Error - 10/5/2011 7:34:25 AM | Computer Name = x200 | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)
Error - 10/5/2011 7:34:44 AM | Computer Name = x200 | Source = PC-Doctor | ID = 1
Description = (5320) Asapi: (13:34:44:7880)(5320) libTonopahClient.DownloadManager
- Error -- 135 HttpException : Http send request failed: getSystemErrormsg: FormatMessage(12007)
failed with error: 317
Error - 10/5/2011 7:35:38 AM | Computer Name = x200 | Source = ESENT | ID = 215
Description = WinMail (8188) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.
[ Lenovo-Message Center Plus/Admin Events ]
Error - 11/28/2010 10:35:35 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not exsist -> Exception message: The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not exsist
Error - 3/30/2011 1:18:51 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = IOException -> Exception message: The process cannot access the file
'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin' because
it is being used by another process.
Error - 3/30/2011 8:04:02 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The process cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\ServerRepositoryData.db'
because it is being used by another process. -> Exception message: The process
cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\ServerRepositoryData.db'
because it is being used by another process.
Error - 3/30/2011 8:04:02 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The process cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin'
because it is being used by another process. -> Exception message: The process
cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin'
because it is being used by another process.
Error - 3/30/2011 8:04:03 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Could not find file 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW_1\appupdater.exe.config'.
-> Exception message: Could not find file 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW_1\appupdater.exe.config'.
Error - 3/30/2011 8:04:03 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = IOException -> Exception message: The process cannot access the file
'appupdater.exe' because it is being used by another process.
Error - 3/30/2011 8:04:03 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Could not find a part of the path 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB_1\SeedDB.tag'.
-> Exception message: Could not find a part of the path 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB_1\SeedDB.tag'.
Error - 3/30/2011 8:04:06 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The process cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab'
because it is being used by another process. -> Exception message: The process
cannot access the file 'C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab'
because it is being used by another process.
Error - 3/30/2011 8:04:06 AM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The process cannot access the file 'TOC.cab' because it is being used
by another process. -> Exception message: The process cannot access the file 'TOC.cab'
because it is being used by another process.
Error - 3/30/2011 12:06:03 PM | Computer Name = x200 | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = IOException -> Exception message: The process cannot access the file
'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin' because
it is being used by another process.
[ System Events ]
Error - 12/7/2011 4:09:15 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 12/7/2011 4:09:16 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 12/7/2011 6:57:55 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7016
Description = The Data Transfer Service service has reported an invalid current
state 0.
Error - 12/7/2011 7:38:43 AM | Computer Name = x200 | Source = Service Control Manager | ID = 7016
Description = The Data Transfer Service service has reported an invalid current
state 0.
Error - 12/7/2011 5:50:38 PM | Computer Name = x200 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.
< End of report >
--- --- ---
-------------------------------------------
------------------------------------------- |
