OTL Extras logfile created on: 02.01.2010 01:23:09 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Uwe\Desktop Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16916) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 86,15 Gb Total Space | 47,41 Gb Free Space | 55,02% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: UWE-PC Current User Name: Uwe Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* chm.file [open] -- "%SystemRoot%\hh.exe" %1 cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [scan_with_SPYWAREfighter] -- C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{4A38939F-8B2C-4FFF-8C6A-022459453E88}C:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe" = protocol=6 | dir=in | app=c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe | "TCP Query User{BCDBB0FB-B469-4BE7-B817-1E8BEE3CD247}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{784B0D3F-9B71-447F-BC03-2E1BDCE7ABAF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{EBFA8BB3-ACBC-4AB9-9283-209A6F9B1420}C:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe" = protocol=17 | dir=in | app=c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900 "{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject' "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6 "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5A7D2B13-9522-48A9-A06F-A9C4AA33D8AD}" = SPYWAREfighter "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{E1A83640-A568-4B56-A4C9-AB38C7035156}" = ThinkPad Mobility Center Customization "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant "2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011) "33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43) "38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011) "4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008) "530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008) "5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000) "787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AwayTask" = Maintenance Manager "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "E40C666F7FDCD87A10F83B12403CB4F0AE34A16D" = Windows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0) "E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista "Lenovo Registration" = Lenovo Registration "LENOVO.SMIIF" = Lenovo System Interface Driver "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "NVIDIA Drivers" = NVIDIA Drivers "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows "Picasa2" = Picasa 2 "Power Management Driver" = ThinkPad Power Management Driver "PROSet" = Intel(R) PRO Network Connections Drivers "SPYWAREfighter" = SPYWAREfighter "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation) "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement "VLC media player" = VLC media player 1.0.3 "Windows Live Toolbar" = Windows Live Toolbar [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 01.01.2010 01:30:11 | Computer Name = Uwe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TpScrex.exe, Version 1.0.0.1, Zeitstempel 0x448f9bf1, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x1000148b, Prozess-ID 0x109c, Anwendungsstartzeit 01ca8aa2b880fa73. Error - 01.01.2010 01:33:02 | Computer Name = Uwe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung mbam-setup.exe, Version 1.42.0.0, Zeitstempel 0x2a425e19, fehlerhaftes Modul mbam-setup.exe, Version 1.42.0.0, Zeitstempel 0x2a425e19, Ausnahmecode 0x80000003, Fehleroffset 0x00009b24, Prozess-ID 0x1244, Anwendungsstartzeit 01ca8aa3e29e73e3. Error - 01.01.2010 01:37:23 | Computer Name = Uwe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung mbam-setup.exe, Version 1.42.0.0, Zeitstempel 0x2a425e19, fehlerhaftes Modul mbam-setup.exe, Version 1.42.0.0, Zeitstempel 0x2a425e19, Ausnahmecode 0x80000003, Fehleroffset 0x00009b24, Prozess-ID 0x13ec, Anwendungsstartzeit 01ca8aa47e6730a3. Error - 01.01.2010 01:53:16 | Computer Name = Uwe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung c.exe, Version 0.0.0.0, Zeitstempel 0x4b38c5a4, fehlerhaftes Modul mshtml.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4a969195, Ausnahmecode 0xc0000005, Fehleroffset 0x6dd5d8af, Prozess-ID 0xb1c, Anwendungsstartzeit 01ca8aa6b4a3d313. Error - 01.01.2010 02:55:17 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 03:04:28 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 07:35:17 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 17:58:16 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 18:04:07 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 18:49:03 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 01.01.2010 17:35:39 | Computer Name = Uwe-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 01.01.2010 17:35:39 | Computer Name = Uwe-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 01.01.2010 17:35:39 | Computer Name = Uwe-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 01.01.2010 17:35:39 | Computer Name = Uwe-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 01.01.2010 17:35:44 | Computer Name = Uwe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 01.01.2010 17:58:23 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.01.2010 17:58:23 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7026 Description = Error - 01.01.2010 18:03:51 | Computer Name = Uwe-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 01.01.2010 um 23:02:25 unerwartet heruntergefahren. Error - 01.01.2010 18:04:32 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.01.2010 18:49:06 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* chm.file [open] -- "%SystemRoot%\hh.exe" %1 cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [scan_with_SPYWAREfighter] -- C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{4A38939F-8B2C-4FFF-8C6A-022459453E88}C:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe" = protocol=6 | dir=in | app=c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe | "TCP Query User{BCDBB0FB-B469-4BE7-B817-1E8BEE3CD247}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{784B0D3F-9B71-447F-BC03-2E1BDCE7ABAF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{EBFA8BB3-ACBC-4AB9-9283-209A6F9B1420}C:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe" = protocol=17 | dir=in | app=c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900 "{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject' "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6 "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5A7D2B13-9522-48A9-A06F-A9C4AA33D8AD}" = SPYWAREfighter "{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{E1A83640-A568-4B56-A4C9-AB38C7035156}" = ThinkPad Mobility Center Customization "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant "2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011) "33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43) "38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011) "4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008) "530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008) "5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000) "787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AwayTask" = Maintenance Manager "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "E40C666F7FDCD87A10F83B12403CB4F0AE34A16D" = Windows Driver Package - Intel (e1express) Net (02/27/2007 9.7.37.0) "E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista "Lenovo Registration" = Lenovo Registration "LENOVO.SMIIF" = Lenovo System Interface Driver "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6) "NVIDIA Drivers" = NVIDIA Drivers "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows "Picasa2" = Picasa 2 "Power Management Driver" = ThinkPad Power Management Driver "PROSet" = Intel(R) PRO Network Connections Drivers "SPYWAREfighter" = SPYWAREfighter "SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation) "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement "VLC media player" = VLC media player 1.0.3 "Windows Live Toolbar" = Windows Live Toolbar [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 01.01.2010 01:30:11 | Computer Name = Uwe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung TpScrex.exe, Version 1.0.0.1, Zeitstempel 0x448f9bf1, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x1000148b, Prozess-ID 0x109c, Anwendungsstartzeit 01ca8aa2b880fa73. Error - 01.01.2010 01:33:02 | Computer Name = Uwe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung mbam-setup.exe, Version 1.42.0.0, Zeitstempel 0x2a425e19, fehlerhaftes Modul mbam-setup.exe, Version 1.42.0.0, Zeitstempel 0x2a425e19, Ausnahmecode 0x80000003, Fehleroffset 0x00009b24, Prozess-ID 0x1244, Anwendungsstartzeit 01ca8aa3e29e73e3. Error - 01.01.2010 01:37:23 | Computer Name = Uwe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung mbam-setup.exe, Version 1.42.0.0, Zeitstempel 0x2a425e19, fehlerhaftes Modul mbam-setup.exe, Version 1.42.0.0, Zeitstempel 0x2a425e19, Ausnahmecode 0x80000003, Fehleroffset 0x00009b24, Prozess-ID 0x13ec, Anwendungsstartzeit 01ca8aa47e6730a3. Error - 01.01.2010 01:53:16 | Computer Name = Uwe-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung c.exe, Version 0.0.0.0, Zeitstempel 0x4b38c5a4, fehlerhaftes Modul mshtml.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4a969195, Ausnahmecode 0xc0000005, Fehleroffset 0x6dd5d8af, Prozess-ID 0xb1c, Anwendungsstartzeit 01ca8aa6b4a3d313. Error - 01.01.2010 02:55:17 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 03:04:28 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 07:35:17 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 17:58:16 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 18:04:07 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = Error - 01.01.2010 18:49:03 | Computer Name = Uwe-PC | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 01.01.2010 17:35:39 | Computer Name = Uwe-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 01.01.2010 17:35:39 | Computer Name = Uwe-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 01.01.2010 17:35:39 | Computer Name = Uwe-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 01.01.2010 17:35:39 | Computer Name = Uwe-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 01.01.2010 17:35:44 | Computer Name = Uwe-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 01.01.2010 17:58:23 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.01.2010 17:58:23 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7026 Description = Error - 01.01.2010 18:03:51 | Computer Name = Uwe-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 01.01.2010 um 23:02:25 unerwartet heruntergefahren. Error - 01.01.2010 18:04:32 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000 Description = Error - 01.01.2010 18:49:06 | Computer Name = Uwe-PC | Source = Service Control Manager | ID = 7000 Description = < End of report >