Trash bin: (2x) Redirect when clicking a Google search result

Windows 7 Posts that violated our rules, posts the world does not need, or other junk end up here in the trash bin...

 
29.11.2012, 11:09   #1
jrcpower
 
(2x) Redirect when clicking a Google search result



Hi there,

I have the problem that the Google search results redirect me to other pages.
And the Windows Security Center is disabled and cannot be re-enabled.

Here are the OTL files: otl.text
Code:
OTL logfile created on: 29.11.2012 11:01:00 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 61,30% Memory free
12,31 Gb Paging File | 10,99 Gb Available in Paging File | 89,23% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 2,61 Gb Free Space | 8,36% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.26 21:16:31 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 21:16:26 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.11.26 21:16:26 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.26 21:16:25 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
PRC - [2012.10.19 02:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.06 03:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012.08.17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012.08.17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012.08.17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012.08.17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- D:\Programme\winrar\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.26 21:16:31 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 21:16:26 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.11.26 21:16:26 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.04 19:52:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.01 14:04:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Programme\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jrcpower\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.01)
DRV - [2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.04.06 02:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.03.05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.08.04 10:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 11:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2005.08.16 14:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1211U.sys -- (ZD1211U(ZyXEL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 3F 8F F3 A8 B9 CD 01  [binary data]
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes\{AA4B9C3F-7F66-4975-AB57-17B0B384B733}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.10.100015
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_ptnrs=^AGY&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC&apn_dtid=^YYYYYY^YY^NL&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M]
 
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.13 16:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash
[2012.11.03 13:40:02 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com
[2012.08.06 16:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2012.11.23 15:56:50 | 000,002,413 | ---- | M] () -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\searchplugins\askcom.xml
[2012.11.03 10:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Avira Toolbar = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.29869_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.11.12 15:17:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.26 10:59:09 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jrcpower\Desktop\tdsskiller.exe
[2012.11.26 10:25:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\jrcpower\Desktop\aswMBR.exe
[2012.11.14 16:14:45 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.11.14 13:50:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.14 13:50:55 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012.11.14 13:50:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012.11.14 13:50:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.14 13:50:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012.11.14 13:50:54 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.11.14 13:50:54 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012.11.14 13:50:54 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012.11.14 13:50:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012.11.14 13:50:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012.11.14 13:50:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012.11.14 13:50:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012.11.14 13:50:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012.11.14 13:50:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012.11.14 13:50:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012.11.14 13:46:27 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.14 13:46:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.14 13:46:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.14 13:46:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.14 13:46:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.14 13:45:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.14 13:45:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.14 13:45:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.14 13:45:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.14 13:45:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.14 13:45:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.14 13:45:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.14 13:45:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.14 13:45:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.11.14 13:09:25 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.14 13:09:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.14 13:09:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.14 13:09:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.14 13:09:20 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.14 13:09:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.14 13:09:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\temp
[2012.11.12 15:12:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.12 15:12:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.12 15:12:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.12 15:05:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.12 15:05:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.12 13:58:08 | 005,000,730 | R--- | C] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe
[2012.11.06 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Macromedia
[2012.11.04 19:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\OnlineFotoservice
[2012.11.04 19:29:14 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.03 14:31:00 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Diagnostics
[2012.11.03 13:41:36 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Avira
[2012.11.03 13:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.03 13:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.11.03 13:39:11 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\APN
[2012.11.03 13:38:59 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.03 13:38:59 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.03 13:38:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.03 13:38:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.11.03 13:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.11.03 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2012.11.03 10:31:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.01 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\MigWiz
[2012.11.01 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 10:59:17 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 10:59:17 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 10:54:27 | 000,000,439 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.11.29 10:54:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 10:54:06 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.27 23:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.26 10:59:09 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jrcpower\Desktop\tdsskiller.exe
[2012.11.26 10:25:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\jrcpower\Desktop\aswMBR.exe
[2012.11.17 20:18:10 | 000,654,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.17 20:18:10 | 000,615,978 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.17 20:18:10 | 000,129,968 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.17 20:18:10 | 000,106,358 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.14 13:53:29 | 000,413,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.13 11:47:53 | 000,005,306 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg
[2012.11.12 15:17:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.12 13:58:17 | 005,000,730 | R--- | M] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe
[2012.11.07 20:06:24 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.11.07 17:25:00 | 000,302,592 | ---- | M] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe
[2012.11.04 19:52:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.04 19:52:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.03 13:39:30 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.03 13:10:50 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.11.03 10:42:09 | 000,001,240 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg
[2012.11.02 09:42:15 | 000,003,676 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg
[2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.14 13:46:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 13:46:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 11:47:46 | 000,005,306 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg
[2012.11.12 15:12:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.12 15:12:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.12 15:12:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.12 15:12:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.12 15:12:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.07 20:07:47 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.11.07 17:24:59 | 000,302,592 | ---- | C] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe
[2012.11.04 19:29:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 13:39:30 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.03 11:20:46 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.11.03 10:42:05 | 000,001,240 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg
[2012.11.02 09:42:13 | 000,003,676 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg
[2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe
[2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll
[2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited
[2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox
[2012.11.13 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft
[2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson
[2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire
[2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo
[2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org
[2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC
[2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird
[2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
otl.extras
Code:
OTL Extras logfile created on: 29.11.2012 11:01:00 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 61,30% Memory free
12,31 Gb Paging File | 10,99 Gb Available in Paging File | 89,23% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 2,61 Gb Free Space | 8,36% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6B7CCA9D-931F-4735-A51D-035D58926208}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system | 
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3AA1C41-E6CC-4C75-994B-EFD261F18F53}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.11.2012 14:07:38 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11014
 
Error - 21.11.2012 14:07:38 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11014
 
Error - 21.11.2012 14:07:39 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.11.2012 14:07:39 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012
 
Error - 21.11.2012 14:07:39 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012
 
Error - 21.11.2012 14:07:40 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.11.2012 14:07:40 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13026
 
Error - 21.11.2012 14:07:40 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13026
 
Error - 26.11.2012 03:50:23 | Computer Name = jrcpower-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 26.11.2012 05:32:28 | Computer Name = jrcpower-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052d24  ID des fehlerhaften
 Prozesses: 0x16fc  Startzeit der fehlerhaften Anwendung: 0x01cdcbb81065dd2b  Pfad der
 fehlerhaften Anwendung: C:\Users\jrcpower\Desktop\aswMBR.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 31336ce5-37ac-11e2-bcc1-00221565802a
 
Error - 26.11.2012 05:36:18 | Computer Name = jrcpower-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, 
Zeitstempel: 0x509be8bf  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052cc7  ID des fehlerhaften
 Prozesses: 0x1658  Startzeit der fehlerhaften Anwendung: 0x01cdcbb8feaa8c1d  Pfad der
 fehlerhaften Anwendung: C:\Users\jrcpower\Desktop\aswMBR.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ba6c8a55-37ac-11e2-bcc1-00221565802a
 
[ System Events ]
Error - 27.11.2012 13:17:25 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 27.11.2012 13:17:25 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 27.11.2012 14:26:18 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 27.11.2012 14:26:30 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 27.11.2012 14:26:33 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 27.11.2012 14:26:33 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 29.11.2012 05:54:16 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 29.11.2012 05:54:27 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 29.11.2012 05:54:27 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 29.11.2012 05:54:26 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
 
< End of report >
         

29.11.2012, 12:16   #2
ryder
/// TB trainer

You already have a thread in which you are being helped. If necessary, write a PM if your helper does not get back to you.

This topic is closed.
