|
Plagegeister aller Art und deren Bekämpfung: Spyhunter - noch vorhanden?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.02.2013, 13:19 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter - noch vorhanden? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
26.02.2013, 19:22 | #17 |
| Spyhunter - noch vorhanden? also Malewarebytes hat nichts mehr
__________________aber ESET sagt: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=604ab1ab32731140888d36e54623860d # engine=13241 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-26 01:20:05 # local_time=2013-02-26 02:20:05 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 98 97410 227264895 90197 0 # compatibility_mode=5893 16776573 100 94 318242 113471455 0 0 # compatibility_mode=7937 16777214 28 75 380497 1193543 0 0 # scanned=103392 # found=1 # cleaned=0 # scan_time=13269 sh=56CF3F22BFBD6F2AFE33780DDB4673BB0CB14A82 ft=0 fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="C:\Users\JLA-PC\Desktop\Dateien\Spiele\Downloads\fallout3d.7z" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=604ab1ab32731140888d36e54623860d # engine=13243 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-26 05:52:14 # local_time=2013-02-26 06:52:14 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 98 70544 227324424 63293 0 # compatibility_mode=5893 16776573 100 94 377771 113530984 0 0 # compatibility_mode=7937 16777214 28 75 440026 1253072 0 0 # scanned=209618 # found=2 # cleaned=0 # scan_time=29776 sh=56CF3F22BFBD6F2AFE33780DDB4673BB0CB14A82 ft=0 fh=0000000000000000 vn="Win32/Virut.NBP virus" ac=I fn="C:\Users\JLA-PC\Desktop\Dateien\Spiele\Downloads\fallout3d.7z" sh=F85ACC6D44ED37D5C487581495CD52F644911B2B ft=1 fh=b11cb89f3457cf6c vn="Win32/Virut.NBP virus" ac=I fn="C:\Users\JLA-PC\Desktop\Dateien\Spiele\Downloads\fallout3d\FalloutLauncher.exe" |
26.02.2013, 23:43 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter - noch vorhanden?Zitat:
__________________ |
27.02.2013, 15:20 | #19 |
| Spyhunter - noch vorhanden? Hmm... um ehrlich zu sein, weiß ich das nicht mehr. Das sind alles Sachen von früher, die noch auf dem PC drauf sind/waren bzw. von einem alten PC herüber kopiert wurden. Hab jetzt mal in der Richtung ausgemistet. Meinst du das hat an der Datei gelegen? |
27.02.2013, 15:34 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter - noch vorhanden? Wer von euch spielt denn Fallout? Also für mich sieht das Teil nach einem illegalen/gecrackten Mist aus aber sicher bin ich mir da nicht Lösch die gefundenen Dateien von ESET bitte umgehend!
__________________ Logfiles bitte immer in CODE-Tags posten |
27.02.2013, 19:59 | #21 |
| Spyhunter - noch vorhanden? so alles gelöscht und nochmal ESET drüberlaufen lassen. Scheint alles sauber zu sein =) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=604ab1ab32731140888d36e54623860d # engine=13253 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-27 06:56:31 # local_time=2013-02-27 07:56:31 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 98 74400 227414681 67185 0 # compatibility_mode=5893 16776573 100 94 123051 113621241 0 0 # compatibility_mode=7937 16777214 28 75 530283 1343329 0 0 # scanned=208689 # found=0 # cleaned=0 # scan_time=15352 |
27.02.2013, 20:52 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter - noch vorhanden? Das Log von MBAM bitte auch posten egal ob Fund oder kein Fund
__________________ Logfiles bitte immer in CODE-Tags posten |
27.02.2013, 21:53 | #23 |
| Spyhunter - noch vorhanden?Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.25.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 JLA-PC :: JLA-PC-THINK [Administrator] 25.02.2013 22:19:10 mbam-log-2013-02-25 (22-19-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 231755 Laufzeit: 4 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
27.02.2013, 21:57 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter - noch vorhanden? Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
27.02.2013, 22:00 | #25 |
| Spyhunter - noch vorhanden? Also nach den Überprüfungsmöglichkeiten die ich habe, ist alles sauber. hab nochmal SystemLook drüberlaufen lassen. Sind die Einträge irgendwie schlimm? Bzw. kann ich die irgendwie entfernen? Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 22:04 on 27/02/2013 by JLA-PC Administrator - Elevation successful ========== filefind ========== Searching for "*spyhunter*" C:\Program Files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130221_162927.log --a---- 124026 bytes [15:29 21/02/2013] [17:43 21/02/2013] 4B06860C638B6D7C0A71B4E364CF9FF3 Searching for "*enigma*" No files found. ========== folderfind ========== Searching for "*spyhunter*" C:\Program Files\Enigma Software Group\SpyHunter d------ [15:29 21/02/2013] Searching for "*enigma*" C:\Program Files\Enigma Software Group d------ [15:29 21/02/2013] ========== regfind ========== Searching for "spyhunter" [HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter] [HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig] "InstallLoc"="C:\Program Files\Enigma Software Group\SpyHunter" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\Enigma Software Group\SpyHunter\"="1" Searching for "enigma" [HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup] [HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig] "InstallLoc"="C:\Program Files\Enigma Software Group\SpyHunter" [HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter\SpyHunterConfig] "uninstlnk"="hxxp://sh.enigmasoftware.com/sh4/survey/uninstall_survey.php?affid=0&hwx=b78170ca7594c805ca9767f6353acccf&id=2&lang=DE&sid=anti-spyware-101.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\Enigma Software Group\SpyHunter\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\Enigma Software Group\"="1" -= EOF =- |
27.02.2013, 22:22 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter - noch vorhanden? Was soll jetzt bitte ein Log von Systemlook? Ich hab es nicht angefordert und du verstehst die Logs offensichtlich von diesem Tool auch nicht Außerdem steht da nur Spyhunter drin! Lass die Finger von Tools die du weder verstehst noch ein Helfer angefordert hat
__________________ Logfiles bitte immer in CODE-Tags posten |
27.02.2013, 22:27 | #27 |
| Spyhunter - noch vorhanden? Entschuldige, ich wollte nur auf die Suche gehen, weil du gefragt hast, ob alles sauber wäre. Danke für deine Hilfe bis hierhin! Gibt es jetzt noch etwas zu tun? |
28.02.2013, 08:36 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter - noch vorhanden? Edit: ich glaub ich hatte irgendwie einen Brett vorm Kopf gestern Spyhunter ist ja genau das was weg sollte, ich habs gestern mit was anderem verwechselt Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
28.02.2013, 13:03 | #29 |
| Spyhunter - noch vorhanden? OTL Code:
ATTFilter OTL logfile created on: 28.02.2013 12:31:16 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JLA-PC\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 5,50 Gb Available Physical Memory | 69,69% Memory free 15,78 Gb Paging File | 13,28 Gb Available in Paging File | 84,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,87 Gb Total Space | 323,01 Gb Free Space | 71,32% Space Free | Partition Type: NTFS Drive Q: | 11,72 Gb Total Space | 1,79 Gb Free Space | 15,29% Space Free | Partition Type: NTFS Computer Name: JLA-PC-THINK | User Name: JLA-PC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\JLA-PC\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\JLA-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe (IBM) PRC - C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe (IBM Corp) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files (x86)\dcmsvc\dcmsvc.exe () PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Programme\Lenovo\AutoLock\cv210.dll () MOD - C:\Programme\Lenovo\AutoLock\cxcore210.dll () MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () MOD - C:\Program Files (x86)\dcmsvc\dcmsvc.exe () ========== Services (SafeList) ========== SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation) SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Lotus Notes Diagnostics) -- C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe (IBM) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV - (LNSUSvc) -- C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe (IBM Corp) SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC) DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{3DE02020-2551-4A48-8D96-87703E7B2026}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{9506503A-E0C7-454F-BB0B-601E98A3DD8E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3330115897-4153597036-1136839643-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-3330115897-4153597036-1136839643-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKU\S-1-5-21-3330115897-4153597036-1136839643-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3330115897-4153597036-1136839643-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3330115897-4153597036-1136839643-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "yahoo.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.12 00:45:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 23:49:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.21 18:44:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\JLA-PC\AppData\Roaming\15001.016 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 23:49:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.21 18:44:36 | 000,000,000 | ---D | M] [2012.07.11 23:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JLA-PC\AppData\Roaming\mozilla\Extensions [2013.02.23 09:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JLA-PC\AppData\Roaming\mozilla\Firefox\Profiles\ku8i2sq7.default\extensions [2012.11.11 02:44:17 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\JLA-PC\AppData\Roaming\mozilla\firefox\profiles\ku8i2sq7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.02 23:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.02 23:49:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.18 09:14:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.02.23 00:12:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKU\S-1-5-21-3330115897-4153597036-1136839643-1001..\Run: [Spotify Web Helper] C:\Users\JLA-PC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3330115897-4153597036-1136839643-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3330115897-4153597036-1136839643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\JLA-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\JLA-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\JLA-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\JLA-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn-unidsl.rwth-aachen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85683407-D20A-4C22-9959-A561D1FE1A1D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.02.21 16:29:50 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.25 22:24:31 | 002,347,384 | ---- | C] (ESET) -- C:\Users\JLA-PC\Desktop\esetsmartinstaller_enu.exe [2013.02.25 00:03:12 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.23 09:31:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.23 09:31:13 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.23 09:30:49 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\JLA-PC\Desktop\JRT.exe [2013.02.23 00:32:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.23 00:08:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.23 00:08:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.23 00:08:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.23 00:07:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.23 00:06:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.23 00:05:35 | 005,034,222 | R--- | C] (Swearware) -- C:\Users\JLA-PC\Desktop\ComboFix.exe [2013.02.22 21:51:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JLA-PC\Desktop\tdsskiller.exe [2013.02.22 13:47:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.22 11:49:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\JLA-PC\Desktop\aswMBR.exe [2013.02.22 11:25:39 | 000,000,000 | ---D | C] -- C:\Users\JLA-PC\Desktop\mbar-1.01.0.1020 [2013.02.21 21:04:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JLA-PC\Desktop\OTL.exe [2013.02.21 18:59:48 | 000,000,000 | ---D | C] -- C:\Users\JLA-PC\AppData\Roaming\Malwarebytes [2013.02.21 18:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.21 18:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.21 18:59:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.21 18:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.21 18:58:44 | 000,000,000 | ---D | C] -- C:\Users\JLA-PC\AppData\Local\Programs [2013.02.21 18:58:27 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\JLA-PC\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.21 17:38:12 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.02.21 17:38:12 | 000,000,000 | ---D | C] -- C:\Users\JLA-PC\AppData\Roaming\Spyware Terminator [2013.02.21 17:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013.02.21 17:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013.02.21 17:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2013.02.21 17:34:36 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.02.21 16:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.02.21 16:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.02.20 11:36:36 | 000,000,000 | ---D | C] -- C:\Users\JLA-PC\AppData\Roaming\Ulead Systems [2013.02.20 11:36:36 | 000,000,000 | ---D | C] -- C:\Users\JLA-PC\Documents\Ulead Burn.Now [2013.02.20 10:41:46 | 000,000,000 | ---D | C] -- C:\Users\JLA-PC\AppData\Roaming\e-academy Inc [2013.02.20 10:41:46 | 000,000,000 | ---D | C] -- C:\Users\JLA-PC\AppData\Local\e-academy Inc [2013.02.14 10:28:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 10:28:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 10:28:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 10:28:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 10:28:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 10:28:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 10:28:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 10:28:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 10:28:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 10:28:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 10:28:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 10:28:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 10:28:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 10:28:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 10:28:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 22:40:15 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 22:40:13 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 22:40:12 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 22:40:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 22:40:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 22:40:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 22:40:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 22:40:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 22:40:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 22:39:57 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.02 15:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 ========== Files - Modified Within 30 Days ========== [2013.02.28 12:28:10 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 12:28:10 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.28 12:26:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.02.28 12:25:48 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.28 12:25:48 | 000,656,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.28 12:25:48 | 000,616,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.28 12:25:48 | 000,130,894 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.28 12:25:48 | 000,107,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.28 12:20:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.28 12:20:41 | 2058,801,151 | -HS- | M] () -- C:\hiberfil.sys [2013.02.25 22:25:25 | 002,347,384 | ---- | M] (ESET) -- C:\Users\JLA-PC\Desktop\esetsmartinstaller_enu.exe [2013.02.23 09:30:52 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\JLA-PC\Desktop\JRT.exe [2013.02.23 00:12:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.23 00:05:47 | 005,034,222 | R--- | M] (Swearware) -- C:\Users\JLA-PC\Desktop\ComboFix.exe [2013.02.22 21:51:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JLA-PC\Desktop\tdsskiller.exe [2013.02.22 15:53:44 | 576,869,716 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.22 13:45:54 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\JLA-PC\Desktop\aswMBR.exe [2013.02.21 21:42:46 | 000,376,832 | ---- | M] () -- C:\Users\JLA-PC\Desktop\gmer_2.1.19081.exe [2013.02.21 21:36:54 | 000,706,730 | ---- | M] () -- C:\Users\JLA-PC\Desktop\delfix.exe [2013.02.21 21:04:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JLA-PC\Desktop\OTL.exe [2013.02.21 20:59:29 | 000,050,477 | ---- | M] () -- C:\Users\JLA-PC\Desktop\Defogger.exe [2013.02.21 19:32:31 | 000,587,671 | ---- | M] () -- C:\Users\JLA-PC\Desktop\adwcleaner0.exe [2013.02.21 19:14:37 | 000,165,376 | ---- | M] () -- C:\Users\JLA-PC\Desktop\SystemLook_x64.exe [2013.02.21 18:59:06 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.21 18:58:33 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JLA-PC\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.21 17:38:12 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.02.21 16:29:50 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.02.15 11:45:21 | 004,320,054 | ---- | M] () -- C:\Users\JLA-PC\Desktop\Wifo Abmeldung.bmp [2013.02.14 15:05:44 | 000,437,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.07 22:07:24 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job ========== Files Created - No Company Name ========== [2013.02.23 00:08:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.23 00:08:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.23 00:08:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.23 00:08:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.23 00:08:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.22 13:47:39 | 576,869,716 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.21 21:42:44 | 000,376,832 | ---- | C] () -- C:\Users\JLA-PC\Desktop\gmer_2.1.19081.exe [2013.02.21 21:36:31 | 000,706,730 | ---- | C] () -- C:\Users\JLA-PC\Desktop\delfix.exe [2013.02.21 20:59:28 | 000,050,477 | ---- | C] () -- C:\Users\JLA-PC\Desktop\Defogger.exe [2013.02.21 19:32:16 | 000,587,671 | ---- | C] () -- C:\Users\JLA-PC\Desktop\adwcleaner0.exe [2013.02.21 19:14:33 | 000,165,376 | ---- | C] () -- C:\Users\JLA-PC\Desktop\SystemLook_x64.exe [2013.02.21 18:59:06 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.21 16:29:50 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.02.15 11:44:44 | 004,320,054 | ---- | C] () -- C:\Users\JLA-PC\Desktop\Wifo Abmeldung.bmp [2012.12.21 03:00:08 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.07.16 19:02:16 | 000,057,564 | ---- | C] () -- C:\Users\JLA-PC\install.xml [2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.04.08 22:14:30 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.04.08 13:01:33 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.04.08 13:01:33 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.04.08 13:01:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.02.2013 12:31:16 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JLA-PC\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 5,50 Gb Available Physical Memory | 69,69% Memory free 15,78 Gb Paging File | 13,28 Gb Available in Paging File | 84,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,87 Gb Total Space | 323,01 Gb Free Space | 71,32% Space Free | Partition Type: NTFS Drive Q: | 11,72 Gb Total Space | 1,79 Gb Free Space | 15,29% Space Free | Partition Type: NTFS Computer Name: JLA-PC-THINK | User Name: JLA-PC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3330115897-4153597036-1136839643-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F2A33BD-D35E-48B7-A043-1BAE2B983180}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{39398838-FCD5-4A3D-9E7B-756BD0CC6144}" = lport=445 | protocol=6 | dir=in | app=system | "{509585AA-013C-418D-A255-6BF8D802C06E}" = rport=139 | protocol=6 | dir=out | app=system | "{549A2E82-770D-4C90-8273-096ED24C20B2}" = lport=137 | protocol=17 | dir=in | app=system | "{5E27BD27-CEF0-4030-8B36-95B20D50F618}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{76FBE359-8F37-4281-A455-31C5E207DC21}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{81FABDF5-DF3C-40E4-8410-186E02592BDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{91E171BA-44C4-437F-A60C-62D83B3E2A76}" = lport=138 | protocol=17 | dir=in | app=system | "{98535F5E-39EF-4BE7-ACAC-F5088CC1666D}" = rport=137 | protocol=17 | dir=out | app=system | "{9E8E6DAC-2AED-4982-8D77-DA97F00105AC}" = lport=139 | protocol=6 | dir=in | app=system | "{A446A65B-762F-4443-8A4D-2E4A12298327}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C41C5A3A-ADAE-4AD0-B65A-B3B21AB49A8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CC1EA4BC-303B-4E7C-92A3-6E3731B0FAAD}" = rport=138 | protocol=17 | dir=out | app=system | "{E864C755-9EFA-4E9D-B9BF-90E3455934D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F6844839-C74A-4FBD-BA38-E04C9FF6BFF3}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1C2F0D66-2262-440D-86D5-7F9B750751C5}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{1D1BA5D3-048E-4FD7-9A65-6388161F72F6}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{1D6E93C3-908F-4FD4-98D5-1D7BC5E13C17}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{33CA58E7-E4BB-4B20-9E47-A8825D42F3AE}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{482A42B2-A908-4340-9B12-4B6AF4C0348D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{56DBD443-1663-43D0-A8D0-4CD20EF2CB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{57EC2E42-5022-48EC-8FAF-4570121B06D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5A57CBF1-CBEA-4953-8109-88C143BCF4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "{5BFFF3C5-CC8E-4EC2-AC94-8D3EDE4B3E22}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{5DA47A14-5E9C-4F8A-9116-BBEB9A82F48A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{5EF47232-9A84-4B74-9B0D-654D0E36E933}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{63773C57-FC50-4514-A62D-D99C4D971204}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | "{7284CDD2-830E-4EF9-ADB7-1D125D3E9BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{898F8DF1-9D21-48BC-8458-56BC3CCF6F4F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8BC0C9C7-6C53-49B3-ACD6-7CC0B3EBBE7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A9B8BB7D-ABB3-477A-A492-21F9ECC63E44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BD46A659-5443-4806-A538-DDDE29AC87DC}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{BDD21EBC-2612-4682-A519-E3539219E091}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C1A71D46-1B00-4DEA-A230-AE7F51EA3A25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C80CC9D9-05B2-4FF0-B236-8936E8D883F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D0750D67-0376-4050-8286-29C8D6315EAE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D0EF96BE-98A8-41E4-B805-345501688726}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D80D5A70-13FC-4015-BB9A-833736E49452}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E64AEA9E-410D-4498-B8FA-3081BFE36DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{EDC83A03-11EC-4424-AE7C-F76C3AB0BABF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F5E14E3A-2984-4CD5-900E-0BACD4F17506}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F934C19F-B77A-42F6-AE21-35309C6F5096}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FC5ED098-EF3C-4BE2-B33F-9ABCAB60FACA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FE7ED57C-7EB1-4B51-8A91-8BF09F7A4EA0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "TCP Query User{26510D49-EAB7-4297-ABFC-D8B7E1A69935}C:\users\jla-pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jla-pc\appdata\roaming\spotify\spotify.exe | "TCP Query User{2E29D18D-32DD-4F1F-81C9-E5D6A47393F9}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{F0255CE2-8D27-4422-9590-ADD8EED0683F}C:\users\jla-pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jla-pc\appdata\roaming\spotify\spotify.exe | "UDP Query User{570579E7-D752-4A43-AC92-D8F5D7C6D369}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{8059A947-EA0D-4E21-B28B-E95D06C86061}C:\users\jla-pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jla-pc\appdata\roaming\spotify\spotify.exe | "UDP Query User{F8BF0A04-6347-4E17-87A2-DF95EE77964D}C:\users\jla-pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jla-pc\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) "466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) "598E94DC2EBC0E4D1F6240F3E25E1AC6D2D1A0FA" = Windows-Treiberpaket - Ricoh Company SD Host Controller (12/14/2010 6.10.10.25) "6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) "77A943AB876C131591E0EA5DB6AB08D89EE2EA9E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0) "90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows-Treiberpaket - Intel (MEIx64) System (10/19/2010 7.0.0.1144) "9B84710FFAE6C50914FCE568B59E426F1386E7F6" = Windows-Treiberpaket - Lenovo (LenovoRd) SmartCardReader (05/11/2009 4.1.0.1) "A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD "D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows-Treiberpaket - Intel USB (09/16/2010 9.2.0.1013) "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 "FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows-Treiberpaket - Intel System (10/04/2010 9.2.0.1015) "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A3DD2EC4-D17E-4EE1-B6A5-4C7075B34627}_is1" = Torchlight Version 1.0 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1134 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D17BC5AF-E3C4-4217-83EF-D228A8A154D9}" = Lotus Notes 8.5.3 de "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "dcmsvc_is1" = dcmsvc 1.0 "DivX Setup" = DivX-Setup "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.17.824 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.15.706 "Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "Freelancer 1.0" = Freelancer "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "Lenovo Welcome_is1" = Lenovo Welcome "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "ProInst" = Intel PROSet Wireless "VLC media player" = VLC media player 2.0.2 "WinLiveSuite" = Windows Live Essentials "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3330115897-4153597036-1136839643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.02.2013 12:05:50 | Computer Name = JLA-PC-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4446 Error - 27.02.2013 12:05:51 | Computer Name = JLA-PC-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 27.02.2013 12:05:51 | Computer Name = JLA-PC-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5460 Error - 27.02.2013 12:05:51 | Computer Name = JLA-PC-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5460 Error - 27.02.2013 12:05:52 | Computer Name = JLA-PC-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 27.02.2013 12:05:52 | Computer Name = JLA-PC-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6474 Error - 27.02.2013 12:05:52 | Computer Name = JLA-PC-THINK | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6474 Error - 27.02.2013 14:58:15 | Computer Name = JLA-PC-THINK | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 28.02.2013 07:24:19 | Computer Name = JLA-PC-THINK | Source = System Restore | ID = 8193 Description = Error - 28.02.2013 07:24:20 | Computer Name = JLA-PC-THINK | Source = System Restore | ID = 8193 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 11.07.2012 19:29:20 | Computer Name = JLA-PC-THINK | Source = acvpnagent | ID = 67108866 Description = Function: CCvcConfig::setConfig File: .\vpnconfig.cpp Line: 1261 Invoked Function: CCvcConfig::writeConfigParamToFile Return Code: -33030098 (0xFE08002E) Description: CVCCONFIG_ERROR_FAILED_TO_DELETE_CONFIG_PARAM_FILE Error - 11.07.2012 19:29:29 | Computer Name = JLA-PC-THINK | Source = acvpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp Line: 633 Invoked Function: AddRoute Return Code: -33095642 (0xFE070026) Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_ALREADY_EXISTS the interface appears to be available Error - 11.07.2012 19:29:29 | Computer Name = JLA-PC-THINK | Source = acvpnagent | ID = 67110872 Description = Failed Route change: Action: DelRoute Destination: 192.168.2.255 Netmask: 255.255.255.255 Gateway: 192.168.2.104 Interface: 192.168.2.104 Metric: 256 Error - 11.07.2012 19:29:29 | Computer Name = JLA-PC-THINK | Source = acvpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp Line: 242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED Error - 11.07.2012 19:29:30 | Computer Name = JLA-PC-THINK | Source = acvpnagent | ID = 67110872 Description = Failed Route change: Action: DelRoute Destination: 192.168.2.255 Netmask: 255.255.255.255 Gateway: 192.168.2.104 Interface: 192.168.2.104 Metric: 256 Error - 11.07.2012 19:29:30 | Computer Name = JLA-PC-THINK | Source = acvpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp Line: 242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED Error - 11.07.2012 19:29:31 | Computer Name = JLA-PC-THINK | Source = acvpnagent | ID = 67110872 Description = Failed Route change: Action: DelRoute Destination: 192.168.2.255 Netmask: 255.255.255.255 Gateway: 192.168.2.104 Interface: 192.168.2.104 Metric: 256 Error - 11.07.2012 19:29:31 | Computer Name = JLA-PC-THINK | Source = acvpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp Line: 242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED Error - 11.07.2012 19:29:57 | Computer Name = JLA-PC-THINK | Source = acvpnagent | ID = 67110873 Description = Termination reason code 7: The agent has been stopped. Error - 11.07.2012 19:30:05 | Computer Name = JLA-PC-THINK | Source = acvpnui | ID = 67108866 Description = Function: ApiIpc::OnIpcMessageReceived File: .\ApiIpc.cpp Line: 692 Invoked Function: ApiIpc::OnIpcMessageReceived Return Code: -33292272 (0xFE040010) Description: IPCTRANSPORT_ERROR_PEER_SHUTTING_DOWN [ System Events ] Error - 24.02.2013 19:06:41 | Computer Name = JLA-PC-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 25.02.2013 04:37:16 | Computer Name = JLA-PC-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 25.02.2013 04:37:16 | Computer Name = JLA-PC-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 25.02.2013 17:02:54 | Computer Name = JLA-PC-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 25.02.2013 17:02:54 | Computer Name = JLA-PC-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 27.02.2013 10:00:16 | Computer Name = JLA-PC-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 27.02.2013 10:00:16 | Computer Name = JLA-PC-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 27.02.2013 12:26:12 | Computer Name = JLA-PC-THINK | Source = bowser | ID = 8003 Description = Error - 28.02.2013 07:23:07 | Computer Name = JLA-PC-THINK | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 28.02.2013 07:23:07 | Computer Name = JLA-PC-THINK | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
28.02.2013, 14:28 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Spyhunter - noch vorhanden?Fixen mit OTL
Code:
ATTFilter :Reg [-HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "C:\Program Files\Enigma Software Group\"=- :Files C:\Program Files\Enigma Software Group ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Spyhunter - noch vorhanden? |
.html, adwcleaner, anhang, beiträge, beseitigt, deinstalliert, einträge, etliche, fehler, gefunde, hoffe, liebe, nachdenken, nichts, programm, schnell, spyhunter, suche, systemlook, vorhanden, zuviel |