|
Plagegeister aller Art und deren Bekämpfung: C:\Users\****\AppData\Local\Temp\jrscpls.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
15.03.2013, 09:56 | #1 |
| C:\Users\****\AppData\Local\Temp\jrscpls.exe Hab die Meldung drauf gehabt dass ich 100€ Bezahlen soll usw. Ich denke das ist hier mitlerweile bekannt. Hab dann Malware laufen lassen. Die Meldung ist weg aber beim Start von Windows 7 kommt folgende Meldung Problem beim Starten von C:\Users\****\AppData\Local\Temp\jrscpls.exe Das angegebene Modul wurde nicht gefunden. Wenn mir da jemand weiterhelfen könnte wär das super Jimbo |
15.03.2013, 11:40 | #2 |
/// Helfer-Team | C:\Users\****\AppData\Local\Temp\jrscpls.exeDownloade Dir bitte Malwarebytes Anti-Malware
dann: Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
15.03.2013, 14:02 | #3 |
| C:\Users\****\AppData\Local\Temp\jrscpls.exe ich nehme mal an es gibt keine Möglich keit ohne die 20€ fur SpeedMaxPc auszugeben?
__________________ |
15.03.2013, 14:07 | #4 |
/// Helfer-Team | C:\Users\****\AppData\Local\Temp\jrscpls.exe Speedmax? Sofort deinstallieren! An Anweisungen halten! |
15.03.2013, 17:27 | #5 |
| C:\Users\****\AppData\Local\Temp\jrscpls.exe Ich dachte die Anweisung war der Link reparieren eines DLL Fehlers! |
15.03.2013, 21:15 | #6 |
/// Helfer-Team | C:\Users\****\AppData\Local\Temp\jrscpls.exe
__________________ --> C:\Users\****\AppData\Local\Temp\jrscpls.exe |
27.04.2013, 18:57 | #7 |
| C:\Users\****\AppData\Local\Temp\jrscpls.exe So hab den Scan gemacht. Hat was gedauert bis ich zu gekommen bin. Hatte selber nen Virus an dem Ihr hier bestimmt nix machen konntet. Ergebnis: Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.04.04.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 donny1982 :: DONNY1982-THINK [Administrator] Schutz: Aktiviert 27.04.2013 19:46:24 mbam-log-2013-04-27 (19-46-24).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 272136 Laufzeit: 8 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
28.04.2013, 14:48 | #8 |
/// Helfer-Team | C:\Users\****\AppData\Local\Temp\jrscpls.exe Bitte Anweisungen befolgen. |
01.05.2013, 11:23 | #9 |
| C:\Users\****\AppData\Local\Temp\jrscpls.exe So hoffe nu is alles richtig. Sorry hab letze mal nicht richtig gelesen. Malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.04.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 donny1982 :: DONNY1982-THINK [Administrator] Schutz: Aktiviert 01.05.2013 10:18:49 MBAM-log-2013-05-01 (11-53-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 422823 Laufzeit: 1 Stunde(n), 34 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Download\Software\AVS Video Converter 8.1.2.510\activator.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt. C:\Download\Software\CloneDVD v2.9.3.0\core-keygen.exe.vir (RiskWare.Tool.CK) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\core-keygen.exe.vir (RiskWare.Tool.CK) -> Keine Aktion durchgeführt. C:\Users\donny1982\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2EOP8C4\50f47504ee60d[1].exe.vir (PUP.FakePlug) -> Keine Aktion durchgeführt. (Ende) OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.05.2013 12:02:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\donny1982\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,89 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 48,31% Memory free 7,77 Gb Paging File | 5,48 Gb Available in Paging File | 70,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 464,29 Gb Total Space | 379,64 Gb Free Space | 81,77% Space Free | Partition Type: NTFS Computer Name: DONNY1982-THINK | User Name: donny1982 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\donny1982\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () ========== Services (SafeList) ========== SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.) SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited) SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys () DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys () DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys () DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited) DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\SearchScopes\{3A6967C4-F161-4BB7-A843-166EBBDBD3A8}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949 IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE475DE478 IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\SearchScopes\{988600D7-6B86-413C-B577-C7814F8BD744}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=60433927-97B7-4D83-83A5-4B92312E5F8C&apn_sauid=977FBA54-1D2F-4EA5-B5DB-C916D1624015 IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={1A6DEF70-B90B-4697-8E57-2E69F8EA74D1}&src=2&crg=3.1010000&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - prefs.js..browser.startup.homepage: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.14 22:51:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.11 22:11:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.11 22:11:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.24 20:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\Extensions [2012.05.24 20:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.01.24 12:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\Firefox\Profiles\ui7ikhwp.default\extensions [2013.01.24 12:50:57 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\donny1982\AppData\Roaming\mozilla\Firefox\Profiles\ui7ikhwp.default\extensions\50f47504d6fd9@50f47504d7012.com [2012.11.01 07:06:30 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\donny1982\AppData\Roaming\mozilla\Firefox\Profiles\ui7ikhwp.default\extensions\toolbar@ask.com [2012.12.16 20:52:47 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\firefox\profiles\ui7ikhwp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.13 13:32:23 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\donny1982\AppData\Roaming\mozilla\firefox\profiles\ui7ikhwp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.11.01 07:06:30 | 000,002,308 | ---- | M] () -- C:\Users\donny1982\AppData\Roaming\mozilla\firefox\profiles\ui7ikhwp.default\searchplugins\askcom.xml [2012.10.21 19:25:44 | 000,003,915 | ---- | M] () -- C:\Users\donny1982\AppData\Roaming\mozilla\firefox\profiles\ui7ikhwp.default\searchplugins\sweetim.xml [2012.05.21 22:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.11 22:11:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.11 22:11:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.11 22:11:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.11 22:11:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.11 22:11:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.11 22:11:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.11 22:11:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - Extension: SaveByclick = C:\Users\donny1982\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecpcopodiflbfakoimmapkaejdmcjnm\1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (SaveByclick) - {28C10440-BE8D-A1E7-843C-C3A31833AA60} - C:\ProgramData\SaveByclick\50f47504d716b.dll File not found O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1003..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Users\donny1982\Desktop\mbar-1.01.0.1020\mbar\Data\cleanup.dll (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4225370901-2475469407-3187212950-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\donny1982\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\donny1982\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\donny1982\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\donny1982\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5606821E-786A-4189-AA75-549261DD8ACD}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{644B01BB-FDD5-44A8-8884-25E5384553D4}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\slpcsrj.bat) - C:\ProgramData\slpcsrj.bat () O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\slpcsrj.bat) - C:\ProgramData\slpcsrj.bat () O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.01 11:59:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\donny1982\Desktop\OTL.exe [2013.05.01 10:17:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.01 10:17:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.01 10:17:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.01 10:17:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.01 10:17:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.01 10:17:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.01 10:17:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.01 10:17:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.01 10:17:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.01 10:17:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.01 10:17:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.01 10:17:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.01 10:17:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.01 10:17:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.01 10:17:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.27 19:43:06 | 000,000,000 | ---D | C] -- C:\Users\donny1982\AppData\Roaming\Malwarebytes [2013.04.27 19:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.27 19:42:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.27 19:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.27 19:32:36 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.27 19:32:36 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.27 19:32:36 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.27 19:32:36 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.27 19:32:35 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.27 19:32:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.27 19:28:05 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.27 19:28:04 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.27 19:28:04 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.27 19:28:04 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.27 19:28:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.27 19:28:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.27 19:27:56 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2012.04.01 21:27:29 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\donny1982\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2013.05.01 12:04:07 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.01 12:04:07 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.01 12:04:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.05.01 12:03:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.05.01 12:01:35 | 000,657,016 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.01 12:01:35 | 000,618,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.01 12:01:35 | 000,131,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.01 12:01:35 | 000,107,836 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.01 12:01:34 | 001,506,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.01 11:57:34 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.01 11:56:08 | 000,322,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.01 11:55:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.01 11:55:25 | 3129,397,248 | -HS- | M] () -- C:\hiberfil.sys [2013.05.01 11:45:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.01 11:15:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.01 11:13:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\donny1982\Desktop\OTL.exe [2013.05.01 10:42:20 | 001,057,785 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2013.05.01 10:42:20 | 000,054,533 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2013.04.27 19:47:02 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.27 19:47:02 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.27 19:42:59 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.27 19:10:39 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job [2013.04.27 19:10:39 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job [2013.04.27 19:10:39 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2013.04.27 19:42:59 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.02 15:37:51 | 000,000,153 | ---- | C] () -- C:\ProgramData\slpcsrj.reg [2013.02.02 15:37:51 | 000,000,082 | ---- | C] () -- C:\ProgramData\slpcsrj.bat [2013.02.02 15:37:43 | 095,023,320 | ---- | C] () -- C:\ProgramData\slpcsrj.pad [2012.06.11 18:56:58 | 000,004,096 | -H-- | C] () -- C:\Users\donny1982\AppData\Local\keyfile3.drm [2012.05.09 21:21:11 | 000,000,600 | ---- | C] () -- C:\Users\donny1982\AppData\Local\PUTTY.RND [2012.04.02 20:45:34 | 000,017,408 | ---- | C] () -- C:\Users\donny1982\AppData\Local\WebpageIcons.db [2012.04.02 06:57:21 | 000,000,131 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.04.01 21:27:46 | 000,001,041 | ---- | C] () -- C:\Users\donny1982\AppData\Roaming\vso_ts_preview.xml [2012.04.01 21:27:29 | 000,099,384 | ---- | C] () -- C:\Users\donny1982\AppData\Roaming\inst.exe [2012.04.01 21:27:29 | 000,007,859 | ---- | C] () -- C:\Users\donny1982\AppData\Roaming\pcouffin.cat [2012.04.01 21:27:29 | 000,001,167 | ---- | C] () -- C:\Users\donny1982\AppData\Roaming\pcouffin.inf [2012.04.01 21:19:19 | 001,057,785 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.04.01 21:13:42 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.03.18 21:22:47 | 001,692,288 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012.03.18 21:22:47 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012.03.18 21:22:46 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012.03.18 21:22:46 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012.03.18 21:22:46 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012.03.16 01:40:49 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2012.03.16 01:40:18 | 001,543,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.23 21:07:01 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.02.23 12:40:03 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.23 12:40:02 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.23 12:40:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.05.2013 12:02:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\donny1982\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,89 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 48,31% Memory free 7,77 Gb Paging File | 5,48 Gb Available in Paging File | 70,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 464,29 Gb Total Space | 379,64 Gb Free Space | 81,77% Space Free | Partition Type: NTFS Computer Name: DONNY1982-THINK | User Name: donny1982 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1A4E39C5-5CBB-4CF7-8D7B-ACAF05951A06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1F602BC5-1759-4B38-A420-A15AF4E37C76}" = rport=10243 | protocol=6 | dir=out | app=system | "{2CB34BCA-2175-4D57-9945-C8D30400B109}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{30B2E3C9-B730-42C4-9462-077EB40561E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{3FF89EE6-D101-4EC9-9C38-3ECC13A2FDBE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C76D0DF-92E5-43D2-80F2-BA494EF319C3}" = lport=3389 | protocol=6 | dir=in | app=system | "{646EDDB1-98C5-45D2-80EE-D8CDB5F043F4}" = lport=10243 | protocol=6 | dir=in | app=system | "{69A803DD-CFE3-436D-B2B8-78A83A3EB5C3}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | "{6B4616E6-5F93-4507-A357-68082A168B2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AB943BAE-06C0-4339-9248-C65D1B71A699}" = lport=2869 | protocol=6 | dir=in | app=system | "{D85A8676-8BC5-4F1C-B28C-7D6EAC866DEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E9D28883-BB88-43CF-82AA-5296F7D3A442}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F54E7197-C020-4ECA-80D1-5E9DA85674AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02953322-B048-4D38-886B-BA9243387E98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{031F3FD9-3243-49F0-B533-5DD93D8A5201}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{17C1E2E7-60A8-4361-A533-F3DFD76429C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1ABDFFBF-4EDB-4C93-B4DE-AE71715DE5E9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{26CBD4E0-2B49-4824-A95A-CD84A7384A7C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{2983DD26-3363-4485-A7D8-4414A128E3AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{30510965-DCE6-4901-B9EC-0C745B8FAA60}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{38648BC7-B3DD-4B1C-9C63-B1F55E4FFFF8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{3E8062E5-516E-4C0A-A4BC-83DB23D40851}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{426E4B9D-5DD2-4B06-9315-BC5712AF8283}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{44231DA7-6F2A-4E14-9487-CE5F2E46A766}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A13C49A-354A-488F-957D-46CF96C02EAA}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "{4EECA9D4-E60E-4398-9015-6B0426F23F86}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{56F324E7-DB5C-4807-ABF0-4B9838A2C866}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{58B2DEDF-888F-44AF-BA49-3273EFA00AE2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5AF95DAE-3892-4D70-9580-93410409B4DB}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{6A78ACFA-5FA8-4724-A60F-3E11443B1C17}" = protocol=6 | dir=out | app=system | "{6E06865A-189B-47CE-B7FB-90C17B6229E4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{78E3B460-F074-4C62-98D4-4A2C00114258}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{82BD43E4-CD52-47EE-B4BB-9EFCE524EC11}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{83C92993-AE19-4C70-98D3-2D9B43078EF3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{90228575-80D0-43E4-891F-7783E7EF69A0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{95D0F951-417E-4833-ACC6-95D05DD6D703}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{99B5B823-C69F-42F8-9CC0-EEA1F233C2BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9D75750C-2396-4588-AE8D-1F38CD3C93C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9FD5039C-9DFA-4608-9E3F-917011E22597}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{A5497C3F-EDD0-48B5-8E43-6EED752A3323}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{AC961243-4EBA-42C3-9B0B-D8C91E4EAE12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ADF7274F-0472-4AA6-8F41-A442ACB15A2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE770071-864A-4636-AA2E-8E9B975E64AE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{B57A920E-572F-4352-95F1-CB087056FE14}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{BAF69C09-0219-4F63-8D62-8CB06D29F5B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C1CF4DF6-4504-411D-BCBE-3FF94E6917AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C1D0DEC4-1C5F-4E26-B588-AB6ABEFFB0FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C59788D6-3843-45B3-A83D-2039E1DA5869}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C77A7C3D-E3C0-4910-A089-048C6CBFE9E5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D0B2FA45-DE9F-419A-B2C7-66ECE866DFCD}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe | "{D49F08C9-B962-49D3-A3D9-96AC2BB8B3AD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{E3738AED-0B4A-41BC-AD2E-C7D99A8113E6}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{E9E8B61F-552C-496E-B492-B540F3C7B60C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software "{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro "{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.71 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.71 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.71 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{C94EB447-5772-48DC-AA37-1F5012AD96B1}" = SaveByClick "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock "{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) "0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021) "43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016) "466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) "6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) "8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD "DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SpeedCommander 14 (x64)" = SpeedCommander 14 (x64) "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{09531CAE-B186-49A9-B44F-C607CC54FA2A}" = PDF Architect "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1341F917-C3E5-413E-A11C-AA58273843C4}" = SpeedMaxPc "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}" = "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{556F81B4-EDCD-4009-8A07-95BFE1E19F28}" = roomeon 3D-Planer "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147 "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.312 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "CCleaner" = CCleaner "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "CloneDVDmobile" = CloneDVDmobile "DBox II - Bootmanager" = DBox II - Bootmanager "DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox "EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 5.0.1 Professional "FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar "Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.2.1 "Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "Lenovo Welcome_is1" = Lenovo Welcome "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 11.64.1403" = Opera 11.64 "PokerStars.eu" = PokerStars.eu "ProInst" = Intel PROSet Wireless "SP_661c9f97" = "TeamViewer 7" = TeamViewer 7 "TomTom HOME" = TomTom HOME 2.8.3.2499 "UltraStar Deluxe" = UltraStar Deluxe "Universal Document Converter_is1" = Universal Document Converter (Demo) "VLC media player" = VLC media player 2.0.4 "WinLiveSuite" = Windows Live Essentials "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4225370901-2475469407-3187212950-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "EverestPoker.com" = EverestPoker.com ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.12.2012 13:50:54 | Computer Name = donny1982-THINK | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Dwm.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc541 Name des fehlerhaften Moduls: nvwgf2umx.dll, Version: 8.17.12.6871, Zeitstempel: 0x4ddd7f4f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000c957b ID des fehlerhaften Prozesses: 0xfdc Startzeit der fehlerhaften Anwendung: 0x01cdd17e207b2e29 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Dwm.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\nvwgf2umx.dll Berichtskennung: fba8e0ac-3d71-11e2-a19a-f0def1cfaf0e Error - 03.12.2012 14:54:01 | Computer Name = donny1982-THINK | Source = System Restore | ID = 8193 Description = Error - 05.12.2012 13:59:00 | Computer Name = donny1982-THINK | Source = WinMgmt | ID = 10 Description = Error - 05.12.2012 14:32:43 | Computer Name = donny1982-THINK | Source = System Restore | ID = 8193 Description = Error - 06.12.2012 11:43:24 | Computer Name = donny1982-THINK | Source = Winlogon | ID = 4005 Description = Der Windows-Anmeldeprozess wurde unerwartet beendet. Error - 06.12.2012 11:44:35 | Computer Name = donny1982-THINK | Source = WinMgmt | ID = 10 Description = Error - 06.12.2012 18:30:25 | Computer Name = donny1982-THINK | Source = WinMgmt | ID = 10 Description = Error - 06.12.2012 20:33:32 | Computer Name = donny1982-THINK | Source = System Restore | ID = 8193 Description = Error - 07.12.2012 15:42:20 | Computer Name = donny1982-THINK | Source = System Restore | ID = 8193 Description = Error - 08.12.2012 05:59:30 | Computer Name = donny1982-THINK | Source = WinMgmt | ID = 10 Description = [ Lenovo-Lenovo Patch Utility/Admin Events ] Error - 15.09.2012 07:22:54 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 1 Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml". Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 15.09.2012 07:22:54 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Failed to download the manifest file. Error - 15.09.2012 07:22:54 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Failed to get available patch. Return 2. Error - 29.09.2012 08:26:04 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. Error - 29.09.2012 08:26:06 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 1 Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml". Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 29.09.2012 08:26:06 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Failed to download the manifest file. Error - 29.09.2012 08:26:06 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Failed to get available patch. Return 2. Error - 05.10.2012 14:00:04 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. Error - 05.10.2012 14:00:09 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 1 Description = HttpFileDownloader failed to download the file "hxxp://download.lenovo.com/ibmdl/pub/pc/pccbbs/lpupatches/x64//PM.manifest.xml". Error message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden. Error - 05.10.2012 14:00:09 | Computer Name = donny1982-THINK | Source = Lenovo Patch Utility | ID = 2 Description = Failed to download the manifest file. [ Lenovo-Message Center Plus/Admin Events ] Error - 26.04.2012 04:26:18 | Computer Name = donny1982-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. -> Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Error - 28.05.2012 14:58:11 | Computer Name = donny1982-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. -> Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. [ System Events ] Error - 19.08.2012 13:38:17 | Computer Name = donny1982-THINK | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?19.?08.?2012 um 19:36:16 unerwartet heruntergefahren. Error - 22.08.2012 13:42:33 | Computer Name = donny1982-THINK | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?22.?08.?2012 um 19:40:37 unerwartet heruntergefahren. Error - 28.08.2012 13:39:42 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc erreicht. Error - 29.08.2012 00:34:22 | Computer Name = donny1982-THINK | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?28.?08.?2012 um 22:14:16 unerwartet heruntergefahren. Error - 01.09.2012 06:51:54 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc erreicht. Error - 01.09.2012 06:54:41 | Computer Name = donny1982-THINK | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?01.?09.?2012 um 12:53:24 unerwartet heruntergefahren. Error - 03.09.2012 10:28:43 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc erreicht. Error - 07.09.2012 13:57:36 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc erreicht. Error - 08.09.2012 11:04:45 | Computer Name = donny1982-THINK | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NVSvc erreicht. Error - 14.09.2012 12:40:12 | Computer Name = donny1982-THINK | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200e fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.135.1218.0) < End of report > vielen Dank im Voraus mfg Jimbo |
01.05.2013, 19:07 | #10 | |
/// Helfer-Team | C:\Users\****\AppData\Local\Temp\jrscpls.exeZitat:
Die Benutzung von Cracks und Keygens verstoesst gegen unseren Kodex. Schon mal darueber nachgedacht, warum es Cracks gibt? Mit Cracks & Co installiert man sich Hintertueren auf dem Rechner. Kriminelle nutzen solche Rechner als Botnetz fuer ihre Machenschaften. Dein System ist als nicht vertrauenswuerdig einzustufen und du solltest keine sensiblen Sachen wie Homebanking an dem PC betreiben. Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP 1. Datenrettung:
2. Formatieren, Windows neu instalieren:
3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. |
03.05.2013, 05:31 | #11 |
| C:\Users\****\AppData\Local\Temp\jrscpls.exe Das erklärt auch die Sache mit Web.de. Ich änder meine Passwörter öfters und seit dem letzten wechsel bei web.de stehen da immer nen Paar hundert fehlgeschlagene Logins. Ich hab nen fertiges Notebook von Lenovo WR 520bei Notebooks billiger.de gekauft. Da war keine DVD bei. Wenn ich mir die Iso lade brauch ich doch auch den Windows key von dem Notebook. Kann ich den irgendwie auslesen? |
03.05.2013, 09:37 | #12 |
/// Helfer-Team | C:\Users\****\AppData\Local\Temp\jrscpls.exe Hat der Rechner keinen Lizenzaufkleber? (unten am Laptop oder hinten am Desktop-Gehause?) Auslesen von Keys: LicenseCrawler - Download - Filepony Magical Jelly Bean Keyfinder - Download - Filepony |
03.05.2013, 16:42 | #13 |
| C:\Users\****\AppData\Local\Temp\jrscpls.exe Doch hat er. Einmal Typ+nummer, S/N+nummer und Produckt ID+Nummer. Ich weiß nicht der Windows Key war immer länger. Weiß nicht welche ich da nehmen soll. |
03.05.2013, 19:57 | #14 |
/// Helfer-Team | C:\Users\****\AppData\Local\Temp\jrscpls.exe Das steht doch dabei: Product Key |
04.05.2013, 07:49 | #15 |
| C:\Users\****\AppData\Local\Temp\jrscpls.exe Also zumindest Am Notebook selber find ich sowas nicht. Könnte das nicht in den unterlagen stehen? Frag meine Frau mal wo die die hingepackt hat |
Themen zu C:\Users\****\AppData\Local\Temp\jrscpls.exe |
100€ bezahle, 100€ bezahlen, appdata, beim starten, bezahlen, folgende, gefunde, laufen, malware, meldung, pup.fakeplug, pup.hacktool.patcher, riskware.tool.ck, start von windows, starten, temp, weiterhelfen, windows, windows 7 |