| |
| |||||||
Log-Analyse und Auswertung: Google Suchergebnisse - Umleitung beim Klick auf das SuchergebnisWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
01.11.2012, 13:22
| #1 |
 |  Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis Hallo, ich habe mein Problem auch schon bei anderen hier gelesen. Wenn ich mit Google Seiten suche und dann auf die Suchergebnisse klicke werde ich umgeleitet auf andere Seiten (Groupon usw,) Hab mal Malwarebytes drüber laufen lassen. Keine Funde! Wie soll ich jetzt am besten vorgehen? Welche Logs soll ich hochladen? Danke für die Hilfe Gruß power hier die logs. die extras dateiOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.11.2012 13:39:53 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 59,81% Memory free
12,50 Gb Paging File | 11,02 Gb Available in Paging File | 88,17% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,89 Gb Free Space | 15,65% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 91,93 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 287,68 Gb Free Space | 61,78% Space Free | Partition Type: FAT32
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "D:\Programme\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system |
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system |
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system |
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system |
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B864C71-5215-4EAD-8A14-698651BBC057}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe |
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system |
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B113F637-D35B-4A0C-BC37-BA468CDB0787}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.10.2012 23:11:45 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14087
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = ESENT | ID = 455
Description = Windows (2608) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003D0.log.
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 9000
Description =
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7010
Description =
[ System Events ]
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 01.11.2012 03:58:59 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056
Error - 01.11.2012 05:21:35 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 01.11.2012 05:21:50 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 01.11.2012 05:21:50 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
Error - 01.11.2012 05:21:49 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 01.11.2012 07:52:47 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 01.11.2012 07:53:03 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 01.11.2012 07:53:06 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 01.11.2012 07:53:06 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
< End of report >
hier die otl dateiOTL Logfile: Code:
ATTFilter OTL logfile created on: 01.11.2012 13:39:53 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 59,81% Memory free 12,50 Gb Paging File | 11,02 Gb Available in Paging File | 88,17% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 31,25 Gb Total Space | 4,89 Gb Free Space | 15,65% Space Free | Partition Type: NTFS Drive D: | 201,64 Gb Total Space | 91,93 Gb Free Space | 45,59% Space Free | Partition Type: NTFS Drive H: | 465,64 Gb Total Space | 287,68 Gb Free Space | 61,78% Space Free | Partition Type: FAT32 Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\jrcpower\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Programme\Mozilla Firefox\js3250.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - D:\Programme\winrar\RarExt.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AMD FUEL Service) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found DRV - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AODDriver4.1) -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.) DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (EverestDriver) -- D:\Programme\EVEREST Home Edition\kerneld.wnt () DRV - (ZD1211U(ZyXEL) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 5E 3F 57 AD 55 CB 01 [binary data] IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes,DefaultScope = $currentSearchProvider IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q={searchTerms} IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D" FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28 FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.04 10:37:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.09.04 10:37:37 | 000,000,000 | ---D | M] [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.16 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2012.10.31 21:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2011.04.18 13:00:45 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.10.29 17:39:29 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2010.11.03 17:07:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.18 13:00:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\engine@conduit.com [2012.10.29 17:39:34 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash [2010.09.22 20:01:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\vshare@toolbar [2012.10.24 23:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.24 23:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.24 23:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.03.18 21:22:57 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2012.03.18 21:22:57 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2012.03.18 21:22:57 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2012.07.27 21:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012.05.24 09:42:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012.10.29 17:39:33 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml [2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.18 20:03:31 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.10.29 17:56:42 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.29 17:43:24 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\LavasoftStatistics [2012.10.29 17:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations [2012.10.29 17:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012.10.29 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\adawarebp [2012.10.29 17:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012.10.29 17:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2012.10.29 17:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb [2012.10.29 17:37:33 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus [2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes [2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.27 15:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.26 18:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH [2012.10.24 23:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics [2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.10.10 22:37:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 22:36:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.10 22:36:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.10 22:36:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.10 22:36:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 22:36:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 22:36:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.10 22:36:40 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.10 22:36:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.03 14:39:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\restore [2012.10.03 14:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2012.10.03 14:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2012.10.03 14:31:36 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\Desktop\Mein CEWE FOTOBUCH [2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx ========== Files - Modified Within 30 Days ========== [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.11.01 12:57:52 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 12:57:52 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 12:57:06 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.01 12:57:06 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.01 12:57:06 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.01 12:57:06 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.01 12:52:45 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\CYPCPMEOI.job [2012.11.01 12:52:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.01 12:52:36 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys [2012.11.01 10:48:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001UA.job [2012.11.01 08:58:09 | 000,412,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.29 18:48:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001Core.job [2012.10.29 17:56:42 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.27 15:55:36 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll ========== Files Created - No Company Name ========== [2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll [2012.10.24 13:34:12 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\CYPCPMEOI.job [2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe [2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll [2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.11.07 09:43:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.11.07 09:43:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.31 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus [2012.07.17 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Babylon [2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited [2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox [2012.07.26 20:08:20 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft [2012.07.22 10:20:13 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson [2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire [2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo [2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org [2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC [2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster [2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird [2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > |
|
01.11.2012, 17:23
| #2 | ||
| /// Helfer-Team    | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Deinstalliere: Code:
ATTFilter "Ad-Aware Free": jetzt läuft mit Anti-Viren-Schutz!
Mehr AV Programme bedeutet nicht mehr Sicherheit! Die Scanner behindern sich gegenseitig (bei beiden den On-Access Scan aktiviert bzw laufen ständig im Hintergrund) und ein Systemcrash kann die Folge sein oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen. ►Bevor du ein anderes Antivirenprogramm installierst solltest du auf jeden Fall das vorherige vollständig deinstallieren! 2. erneut einen Systemscan mit OTL
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
02.11.2012, 09:47
| #3 |
| | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis Ok, danke für die Antwort
__________________Ad aware deinstalliert - komplett. Hier die logs: otl.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.11.2012 09:37:45 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 60,32% Memory free 12,50 Gb Paging File | 11,12 Gb Available in Paging File | 88,96% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 31,25 Gb Total Space | 4,84 Gb Free Space | 15,50% Space Free | Partition Type: NTFS Drive D: | 201,64 Gb Total Space | 91,94 Gb Free Space | 45,59% Space Free | Partition Type: NTFS Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\jrcpower\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Modules (No Company Name) ========== MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll () MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll () MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll () MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll () MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll () MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll () MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll () MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - D:\Programme\winrar\RarExt.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AMD FUEL Service) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found DRV - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AODDriver4.1) -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.) DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (EverestDriver) -- D:\Programme\EVEREST Home Edition\kerneld.wnt () DRV - (ZD1211U(ZyXEL) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 5E 3F 57 AD 55 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = $currentSearchProvider IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D" FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2 FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q=" FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.04 10:37:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.09.04 10:37:37 | 000,000,000 | ---D | M] [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.02 09:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2011.04.18 13:00:45 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.11.03 17:07:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.18 13:00:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\engine@conduit.com [2012.10.29 17:39:34 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash [2010.09.22 20:01:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\vshare@toolbar [2012.10.24 23:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.24 23:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.24 23:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\JRCPOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1MCEEEQ.DEFAULT\EXTENSIONS\{87934C42-161D-45BC-8CEF-EF18ABE2A30C} [2012.10.29 17:39:33 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml [2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found O4 - HKCU..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q File not found O4 - HKCU..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\jrcpower\AppData\Local\adawarebp" /s /q File not found O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.01 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\MigWiz [2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.10.29 17:56:42 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.29 17:43:24 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\LavasoftStatistics [2012.10.29 17:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations [2012.10.29 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\adawarebp [2012.10.29 17:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012.10.29 17:37:33 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus [2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes [2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.27 15:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.26 18:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH [2012.10.24 23:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics [2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.10.10 22:37:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 22:36:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.10 22:36:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.10 22:36:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.10 22:36:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 22:36:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 22:36:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.10 22:36:40 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.10 22:36:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.03 14:39:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\restore [2012.10.03 14:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2012.10.03 14:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2012.10.03 14:31:36 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\Desktop\Mein CEWE FOTOBUCH [2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx ========== Files - Modified Within 30 Days ========== [2012.11.02 09:36:59 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 09:36:59 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 09:36:13 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.02 09:36:13 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.02 09:36:13 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.02 09:36:13 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.02 09:31:55 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\CYPCPMEOI.job [2012.11.02 09:31:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.02 09:31:45 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys [2012.11.01 15:48:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001UA.job [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.11.01 08:58:09 | 000,412,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.29 18:48:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001Core.job [2012.10.29 17:56:42 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.27 15:55:36 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll ========== Files Created - No Company Name ========== [2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll [2012.10.24 13:34:12 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\CYPCPMEOI.job [2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe [2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll [2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.11.07 09:43:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.11.07 09:43:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.31 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus [2012.07.17 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Babylon [2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited [2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox [2012.07.26 20:08:20 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft [2012.07.22 10:20:13 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson [2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire [2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo [2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org [2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC [2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster [2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird [2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > Hier die andere Textdatei extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.11.2012 09:37:45 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 60,32% Memory free
12,50 Gb Paging File | 11,12 Gb Available in Paging File | 88,96% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,84 Gb Free Space | 15,50% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 91,94 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "D:\Programme\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system |
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system |
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system |
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system |
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe |
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system |
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.10.2012 23:11:45 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14087
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = ESENT | ID = 455
Description = Windows (2608) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003D0.log.
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 9000
Description =
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7010
Description =
[ System Events ]
Error - 01.11.2012 05:21:50 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
Error - 01.11.2012 05:21:49 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 01.11.2012 07:52:47 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 01.11.2012 07:53:03 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 01.11.2012 07:53:06 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 01.11.2012 07:53:06 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
Error - 02.11.2012 04:31:56 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 02.11.2012 04:32:12 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 02.11.2012 04:32:16 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 02.11.2012 04:32:16 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
< End of report >
[/code] und zu guter letzt: die textdatei vom ccleaner Code:
ATTFilter BYY FineReader 9.0 Sprint ABBYY 15.02.2012 9.01.513.58212 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 29.10.2012 6,00MB 10.3.183.29 Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 04.09.2012 118MB 10.1.4 AMD Catalyst Install Manager Advanced Micro Devices, Inc. 02.10.2012 20,2MB 8.0.881.0 Apple Application Support Apple Inc. 24.05.2012 61,0MB 2.1.7 Apple Mobile Device Support Apple Inc. 24.05.2012 24,3MB 5.1.1.4 Apple Software Update Apple Inc. 22.04.2012 2,38MB 2.1.3.127 Assassin's Creed Revelations Ubisoft 19.12.2011 1.01 Avira Free Antivirus Avira 12.09.2012 124MB 12.0.0.1199 Batman: Arkham Asylum Eidos Interactive Limited 03.08.2012 1.0.0.0 Batman: Arkham City™ WB Games 27.11.2011 1.0.0000.131 Bonjour Apple Inc. 24.05.2012 1,02MB 3.0.0.10 CCleaner Piriform 24.10.2012 3.24 CDBurnerXP CDBurnerXP 16.06.2012 12,1MB 4.4.1.3184 DivX-Setup DivX, LLC 25.06.2012 2.6.1.9 Dropbox Dropbox, Inc. 02.06.2012 1.4.7 EA Download Manager UI Electronic Arts 23.09.2010 6.0.4.124 EVEREST Home Edition v2.20 Lavalys Inc 20.08.2012 2.20 Free YouTube Download version 3.1.31.706 DVDVideoSoft Ltd. 22.07.2012 87,1MB 3.1.31.706 Free YouTube to MP3 Converter version 3.8 DVDVideoSoft Limited. 03.11.2010 32,0MB FUSSBALL MANAGER 12 Electronic Arts 21.03.2012 6,56GB 1.0.0.3 Google Chrome Google Inc. 03.10.2010 21.0.1180.83 Grand Theft Auto IV Rockstar Games 29.10.2010 1.00.0000 HotPotatoes v 6.3.0.4 HalfBaked 12.09.2012 IrfanView (remove only) Irfan Skiljan 01.11.2012 1,50MB 4.32 iTunes Apple Inc. 24.05.2012 156MB 10.6.1.7 Java(TM) 6 Update 37 Oracle 09.09.2012 95,7MB 6.0.370 Logitech Touch Mouse Server 1.0 Logitech Inc. 05.06.2012 1.0 Lost Horizon Deep Silver 29.08.2012 1.00 Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 29.10.2012 19,4MB 1.65.1.1000 Mein CEWE FOTOBUCH CEWE COLOR AG u Co. OHG 31.10.2012 238MB 4.8.5 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 21.09.2010 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 21.09.2010 2,93MB 4.0.30319 Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 21.02.2012 31,3MB 3.5.92.0 Microsoft Games for Windows Marketplace Microsoft Corporation 27.11.2011 6,03MB 3.5.50.0 Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 04.10.2010 7,71MB 8.0.50727.42 Microsoft Silverlight Microsoft Corporation 03.09.2012 83,0MB 5.1.10411.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 26.01.2012 252KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 03.08.2012 2,38MB 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 02.11.2011 234KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.10.2010 240KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.09.2010 596KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 27.11.2011 1,19MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.05.2012 12,2MB 10.0.40219 Mozilla Maintenance Service Mozilla 13.10.2012 216KB 16.0.1 Mozilla Thunderbird 16.0.1 (x86 de) Mozilla 13.10.2012 42,1MB 16.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.10.2010 35,0KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 11.10.2010 1,33MB 4.20.9876.0 NVIDIA PhysX NVIDIA Corporation 03.08.2012 120MB 9.09.0814 ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 29.08.2012 11.0.0.14 QuickTime Apple Inc. 24.05.2012 73,2MB 7.72.80.56 Rockstar Games Social Club Rockstar Games 29.10.2010 1.00.0000 Skype Toolbars Skype Technologies S.A. 29.10.2010 7,83MB 5.0.4126 Skype™ 5.10 Skype Technologies S.A. 16.08.2012 36,2MB 5.10.116 SopCast 3.5.0 www.sopcast.com 04.03.2012 3.5.0 Ubisoft Game Launcher UBISOFT 23.09.2010 1.0.0.0 Uninstall 1.0.0.1 03.11.2010 10,5MB Windows Live ID Sign-in Assistant Microsoft Corporation 27.11.2011 5,51MB 6.500.3165.0 Windows Media Player Firefox Plugin Microsoft Corp 14.08.2012 296KB 1.0.0.8 WinRAR 10.11.2010 Zarb in OpenOffice 4.1 Hans Zybura Software 12.09.2012 4,12MB 4.1 |
|
02.11.2012, 17:55
| #4 | |
| /// Helfer-Team | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis Systembereinigung und Prüfung: ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück! Nur bei Probleme inzwischen melden! 1. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2
FF - prefs.js..keyword.URL: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q="
[2011.04.18 13:00:45 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.18 13:00:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\engine@conduit.com
[2012.10.29 17:39:34 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2010.09.22 20:01:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\vshare@toolbar
[2012.10.29 17:39:33 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\jrcpower\AppData\Local\adawarebp" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
:Files
C:\Users\jrcpower\AppData\Roaming\LavasoftStatistics
C:\ProgramData\Lavasoft
C:\Users\jrcpower\AppData\Roaming\LavasoftStatistics
C:\ProgramData\Lavasoft
C:\Users\jrcpower\AppData\Local\adawarebp
C:\ProgramData\Ad-Aware Browsing Protection
C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus
C:\Users\jrcpower\AppData\Roaming\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. alte Java Version Deinstallieren, neue installieren: Code:
ATTFilter Java(TM) 6 Update 37
Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. 3. Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!: -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8 -> Wie kann ich den Cache im Internet Explorer leeren? 4. Alle Programme/Fenster schliessen reinige dein System mit CCleaner:
5. Vorbereitung
Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
6. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
03.11.2012, 13:39
| #5 |
| | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis hallo, vorneweg: die probleme sind noch da. die umleitung erfolgt weiter und das windows sicherheitscenter lässt sich nicht aktivieren. muss ich wohl den pc neu aufsetzen, oder? hier noch die files /logs eset Code:
ATTFilter
C:\Users\jrcpower\Downloads\flash-downloader (1).exe a variant of Win32/InstallShare.A application cleaned by deleting - quarantined
C:\Users\jrcpower\Downloads\flash-downloader (2).exe a variant of Win32/InstallShare.A application cleaned by deleting - quarantined
C:\Users\jrcpower\Downloads\flash-downloader.exe a variant of Win32/InstallShare.A application cleaned by deleting - quarantined
H:\JRCPOWER-PC\Backup Set 2012-11-01 140804\Backup Files 2012-11-01 140804\Backup files 6.zip a variant of Win32/InstallShare.A application deleted - quarantined
extra OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.11.2012 13:21:51 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 68,54% Memory free
12,50 Gb Paging File | 11,61 Gb Available in Paging File | 92,92% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 5,17 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,14 Gb Free Space | 45,70% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 310,30 Gb Free Space | 66,64% Space Free | Partition Type: FAT32
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "D:\Programme\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system |
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system |
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system |
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system |
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6B7CCA9D-931F-4735-A51D-035D58926208}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe |
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system |
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3AA1C41-E6CC-4C75-994B-EFD261F18F53}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.11.2012 22:43:46 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5024
Error - 02.11.2012 22:43:46 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5024
Error - 02.11.2012 22:43:47 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.11.2012 22:43:47 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6022
Error - 02.11.2012 22:43:47 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6022
Error - 02.11.2012 22:43:48 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.11.2012 22:43:48 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020
Error - 02.11.2012 22:43:48 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020
Error - 02.11.2012 22:43:49 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.11.2012 22:43:49 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8019
Error - 02.11.2012 22:43:49 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8019
[ System Events ]
Error - 03.11.2012 05:33:18 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
Error - 03.11.2012 05:33:18 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 31004
Description =
Error - 03.11.2012 05:43:16 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 03.11.2012 05:43:31 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 03.11.2012 05:43:34 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 03.11.2012 05:43:34 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
Error - 03.11.2012 05:50:57 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 03.11.2012 05:51:05 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 03.11.2012 05:51:13 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 03.11.2012 05:51:13 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
< End of report >
otl OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.11.2012 13:21:51 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 68,54% Memory free 12,50 Gb Paging File | 11,61 Gb Available in Paging File | 92,92% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 31,25 Gb Total Space | 5,17 Gb Free Space | 16,55% Space Free | Partition Type: NTFS Drive D: | 201,64 Gb Total Space | 92,14 Gb Free Space | 45,70% Space Free | Partition Type: NTFS Drive H: | 465,64 Gb Total Space | 310,30 Gb Free Space | 66,64% Space Free | Partition Type: FAT32 Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\jrcpower\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\Temp\AVSETUP_5094e86c\setup.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - D:\Programme\winrar\RarExt.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AMD FUEL Service) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found DRV - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AODDriver4.1) -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.) DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (EverestDriver) -- D:\Programme\EVEREST Home Edition\kerneld.wnt () DRV - (ZD1211U(ZyXEL) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 3F 8F F3 A8 B9 CD 01 [binary data] IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M] [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.03 10:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010.11.03 17:07:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash [2012.11.03 10:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.03 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris [2012.11.03 10:31:54 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.01 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\MigWiz [2012.11.01 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.10.29 17:56:42 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations [2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes [2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.26 18:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH [2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics [2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.10.10 22:37:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 22:36:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.10 22:36:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.10 22:36:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.10 22:36:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 22:36:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 22:36:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.10 22:36:40 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.10 22:36:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx ========== Files - Modified Within 30 Days ========== [2012.11.03 13:10:50 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012.11.03 12:48:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001UA.job [2012.11.03 10:56:00 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 10:56:00 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.03 10:55:10 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.03 10:55:10 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.03 10:55:10 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.03 10:55:10 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.03 10:50:57 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\CYPCPMEOI.job [2012.11.03 10:50:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.03 10:50:35 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys [2012.11.03 10:42:09 | 000,001,240 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg [2012.11.02 09:42:15 | 000,003,676 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.11.01 08:58:09 | 000,412,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.29 18:48:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001Core.job [2012.10.29 17:56:42 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll ========== Files Created - No Company Name ========== [2012.11.03 11:20:46 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012.11.03 10:42:05 | 000,001,240 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg [2012.11.02 09:42:13 | 000,003,676 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg [2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll [2012.10.24 13:34:12 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\CYPCPMEOI.job [2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe [2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll [2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.11.07 09:43:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.11.07 09:43:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited [2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox [2012.07.26 20:08:20 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft [2012.07.22 10:20:13 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson [2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire [2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo [2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org [2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC [2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster [2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird [2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > hab leider die textdatei nach dem fix von otl nicht gespeichert.... danke für die hilfe gruß |
|
03.11.2012, 21:26
| #6 | |
| /// Helfer-Team | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis 1. Dir bekannt?: Code:
ATTFilter C:\Windows\tasks\CYPCPMEOI.job
oder unter Systemsteuerung –> System und Sicherheit –> Verwaltung den Punkt “Aufgabenplanung” wenn nicht kannst Du löschen 2. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Nur für 32-Bit-Systeme Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen : Anleitung:-> Rootkit-Suche mit Gmer ► WENN das Tool GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort! 4. Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit) Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
__________________ --> Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis Geändert von kira (03.11.2012 um 21:37 Uhr) |
|
07.11.2012, 20:11
| #7 |
| | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis mbr Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: SAMSUNG_SP2504C rev.VT100-41 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-5
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x82C7CBC5] -> \Device\Harddisk0\DR0[0x863D49A8]
3 CLASSPNP[0x8BF9F59E] -> ntkrnlpa!IofCallDriver[0x82C7CBC5] -> [0x86288F08]
5 ACPI[0x8B9B43D4] -> ntkrnlpa!IofCallDriver[0x82C7CBC5] -> \Device\Ide\IdeDeviceP3T1L0-5[0x85E89030]
kernel: MBR read successfully
user & kernel MBR OK
[code] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-07 20:10:04
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-5 SAMSUNG_SP2504C rev.VT100-41
Running: 2j5q1n4t.exe; Driver: C:\Users\jrcpower\AppData\Local\Temp\uwddrkoc.sys
---- System - GMER 1.0.15 ----
SSDT 918E8EF6 ZwCreateSection
SSDT 918E8F00 ZwRequestWaitReplyPort
SSDT 918E8EFB ZwSetContextThread
SSDT 918E8F05 ZwSetSecurityObject
SSDT 918E8F0A ZwSystemDebugControl
SSDT 918E8E97 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C83A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBD4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CC462C 4 Bytes [F6, 8E, 8E, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CC4988 4 Bytes [00, 8F, 8E, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CC49CC 4 Bytes [FB, 8E, 8E, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CC4A48 4 Bytes [05, 8F, 8E, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CC4A9C 4 Bytes [0A, 8F, 8E, 91]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92021000, 0x3DBAA0, 0xE8000020]
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x98F9569D]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:1212] A1B04F2E
---- EOF - GMER 1.0.15 ----
danke |
|
07.11.2012, 20:51
| #8 |
| /// Helfer-Team | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis 1. Vor dem nächsten Schritt, also bevor wir weitermachen: Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw) ►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks Mache das jetzt bitte! 2. Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment). Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint. Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread. Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop. Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen. Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
12.11.2012, 15:20
| #9 |
| | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis Combofix Logfile: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-11-12.02 - jrcpower 12.11.2012 15:13:39.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3327.2470 [GMT 1:00]
ausgeführt von:: c:\users\jrcpower\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-12 bis 2012-11-12 ))))))))))))))))))))))))))))))
.
.
2012-11-12 14:17 . 2012-11-12 14:18 -------- d-----w- c:\users\jrcpower\AppData\Local\temp
2012-11-07 19:07 . 2012-11-07 19:06 89088 ----a-w- c:\windows\system32\mbr.exe
2012-11-06 17:26 . 2012-11-06 17:26 -------- d-----w- c:\users\jrcpower\AppData\Local\Macromedia
2012-11-04 18:46 . 2012-11-04 18:46 -------- d-----w- c:\program files\OnlineFotoservice
2012-11-04 18:29 . 2012-11-04 18:52 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-03 13:31 . 2012-11-03 13:32 -------- d-----w- c:\users\jrcpower\AppData\Local\Diagnostics
2012-11-03 12:41 . 2012-11-03 12:41 -------- d-----w- c:\users\jrcpower\AppData\Roaming\Avira
2012-11-03 12:39 . 2012-11-03 12:39 -------- d-----w- c:\program files\Ask.com
2012-11-03 12:39 . 2012-11-03 12:39 -------- d-----w- c:\users\jrcpower\AppData\Local\APN
2012-11-03 12:38 . 2012-10-04 11:07 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-03 12:38 . 2012-09-24 08:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-03 12:38 . 2012-09-13 09:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-03 12:38 . 2012-11-03 12:38 -------- d-----w- c:\program files\Avira
2012-11-03 09:31 . 2012-11-03 09:31 -------- d-----w- C:\_OTL
2012-11-01 13:09 . 2012-11-02 08:42 -------- dc----w- c:\users\jrcpower\AppData\Local\MigWiz
2012-11-01 13:04 . 2012-11-02 08:51 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-10-31 22:20 . 2012-10-31 22:20 -------- d-----w- c:\program files\CCleaner
2012-10-29 16:56 . 2012-11-04 18:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 16:39 . 2012-10-29 16:39 -------- d-----w- c:\users\jrcpower\AppData\Local\Downloaded Installations
2012-10-29 16:20 . 2012-10-29 16:20 -------- d-----w- c:\users\jrcpower\AppData\Roaming\Malwarebytes
2012-10-29 16:19 . 2012-10-29 16:19 -------- d-----w- c:\programdata\Malwarebytes
2012-10-29 16:19 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-24 22:36 . 2012-11-03 13:32 -------- d-----w- c:\users\jrcpower\AppData\Local\ElevatedDiagnostics
2012-10-24 12:34 . 2012-10-24 12:34 86016 --sha-r- c:\windows\system32\eappprxyz.dll
2012-10-24 11:34 . 2012-10-24 11:34 -------- d-----w- c:\users\jrcpower\AppData\Roaming\K-Pacs-Lite
2012-10-23 11:46 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B728FD8-758B-494B-83B6-FECB4816BEF3}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 13:32 . 2012-09-09 08:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2010-11-08 16:32 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 18:28 . 2012-10-10 21:37 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 21:36 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 21:36 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 21:36 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-10 21:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-22 17:16 . 2012-09-12 13:13 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 13:13 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 13:13 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 13:13 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 14:29 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40 . 2012-10-10 21:36 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 21:36 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 21:36 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 21:36 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 21:36 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 21:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 21:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 21:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2003-03-21 11:45 . 2012-09-12 13:46 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-19 01:26 1521872 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-19 1573584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-10-16 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZyXEL G-220 Utility GUI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZyXEL G-220 Utility GUI.lnk
backup=c:\windows\pss\ZyXEL G-220 Utility GUI.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^jrcpower^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^jrcpower^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
path=c:\users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
backup=c:\windows\pss\Logitech Touch Mouse Server.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^jrcpower^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- d:\programme\ITunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- d:\programme\qt\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-08-06 11:44 642216 ----a-w- d:\programme\ATI.ACE\Core-Static\CLIStart.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\programme\EVEREST Home Edition\kerneld.wnt [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL);c:\windows\system32\DRIVERS\zd1211u.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;d:\programme\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 AODDriver4.1;AODDriver4.1;d:\programme\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 MBAMScheduler;MBAMScheduler;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 18:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_ptnrs=^AGY&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC&apn_dtid=^YYYYYY^YY^NL&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\d:\programme\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\SecuROM\License information*]
"datasecu"=hex:eb,9c,6f,d8,01,c6,dc,7f,db,91,cd,99,3a,97,49,47,b7,37,bc,eb,8d,
2b,c7,f4,c7,a5,c0,0f,b9,98,7d,f4,30,e9,78,27,d9,30,05,a3,7e,ba,fd,73,b0,eb,\
"rkeysecu"=hex:5a,9a,70,98,d4,f4,4d,88,b1,95,00,ee,42,db,7f,ba
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-12 15:19:12
ComboFix-quarantined-files.txt 2012-11-12 14:19
.
Vor Suchlauf: 5.116.796.928 Bytes frei
Nach Suchlauf: 5.027.790.848 Bytes frei
.
- - End Of File - - EEB33D7A928949392005D27C6F5E3C14
|
|
13.11.2012, 04:17
| #10 |
| /// Helfer-Team | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis ► sind die Probleme behoben worden?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
13.11.2012, 11:55
| #11 |
| | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis Hallo, die Probleme wurden behoben! Jedoch als ich heute morgen den PC gestartet habe, waren sie wieder da. Das Sicherheitscenter war plötzlich wieder deaktiviert und die Umleitungen waren wieder da. Gestern abend ging alles normal. Hilft wohl nur den PC platt machen, oder? Viele Grüße jrc |
|
14.11.2012, 05:03
| #12 |
| /// Helfer-Team | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis 1. Datei-Überprüfung Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. ►Prüfende Datei/en: Code:
ATTFilter C:\Windows\System32\eappprxyz.dll
► Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!: Scanergebnisse mitsamt Dateiname! Code:
ATTFilter Datei File name:
<hier kommt die Dateiname>
Submission date:
2010-10-22 03:34:01 (UTC)
Current status:
queued queued analysing finished
Result:
.....%
VT Community
goodware/badware
Safety score: 100.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.10.22.00 2010.10.21 -
AntiVir 7.10.13.15 2010.10.21 -
Antiy-AVL 2.0.3.7 2010.10.22 -
Authentium 5.2.0.5 2010.10.22 -
Avast 4.8.1351.0 2010.10.21 -
Avast5 5.0.594.0 2010.10.21 -
usw........
...werden geprüft v. mehr wie 40 Online Virus Scanner...also Geduld!!
2. erneut einen Scan mit OTL:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
14.11.2012, 16:53
| #13 |
| | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis ICh habe die Datei nicht gefunden! die datei gibt es nur ohne den buchstaben z am schluss: also eappprxy.dll Code:
ATTFilter SHA256: b2accabdd5d8b23e502fe691c1dee4a2c0ea20edcde5b4000557579d56d411ec
SHA1: 38db296bac848eae3b23b6cd9af7980b0ef3bde2
MD5: 666e57b6b51824d1d235f80a3dd70a13
File size: 55.0 KB ( 56320 bytes )
File name: eappprxy.dll
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-11-14 15:38:22 UTC ( 0 Minuten ago )
00
Less details
Analysis
Comments
Votes
Additional information
Antivirus Result Update
Agnitum - 20121114
AhnLab-V3 - 20121114
AntiVir - 20121114
Antiy-AVL - 20121113
Avast - 20121114
AVG - 20121114
BitDefender - 20121114
ByteHero - 20121110
CAT-QuickHeal - 20121114
ClamAV - 20121114
Commtouch - 20121114
Comodo - 20121114
DrWeb - 20121114
Emsisoft - 20121114
eSafe - 20121112
ESET-NOD32 - 20121114
F-Prot - 20121114
F-Secure - 20121114
Fortinet - 20121114
GData - 20121114
Ikarus - 20121114
Jiangmin - 20121114
K7AntiVirus - 20121114
Kaspersky - 20121114
Kingsoft - 20121112
McAfee - 20121114
McAfee-GW-Edition - 20121114
Microsoft - 20121114
Norman - 20121112
nProtect - 20121114
Panda - 20121114
PCTools - 20121114
Rising - 20121114
Sophos - 20121114
SUPERAntiSpyware - 20121114
Symantec - 20121114
TheHacker - 20121113
TotalDefense - 20121113
TrendMicro - 20121114
TrendMicro-HouseCall - 20121114
VBA32 - 20121114
VIPRE - 20121114
ViRobot - 20121114
otl.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.11.2012 16:42:32 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 67,89% Memory free 12,50 Gb Paging File | 11,08 Gb Available in Paging File | 88,67% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 31,25 Gb Total Space | 4,58 Gb Free Space | 14,67% Space Free | Partition Type: NTFS Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS Drive H: | 465,64 Gb Total Space | 327,24 Gb Free Space | 70,28% Space Free | Partition Type: FAT32 Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.13 16:50:18 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.11.13 16:50:15 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe PRC - [2012.10.19 02:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.04.06 03:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe ========== Modules (No Company Name) ========== MOD - [2012.08.17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll MOD - [2012.08.17 23:28:54 | 012,236,824 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll MOD - [2012.08.17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll MOD - [2012.08.17 23:27:36 | 000,526,872 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll MOD - [2012.08.17 23:27:35 | 000,104,984 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll MOD - [2012.08.17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll MOD - [2012.08.17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll MOD - [2012.08.17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- D:\Programme\winrar\RarExt.dll ========== Services (SafeList) ========== SRV - [2012.11.13 16:50:18 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.11.04 19:52:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.01 14:04:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Programme\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jrcpower\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.01) DRV - [2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.04.06 02:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.03.05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.05.06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2009.08.04 10:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2009.07.16 11:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.07.29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2005.08.16 14:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1211U.sys -- (ZD1211U(ZyXEL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 3F 8F F3 A8 B9 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{AA4B9C3F-7F66-4975-AB57-17B0B384B733}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.10.100015 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_ptnrs=^AGY&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC&apn_dtid=^YYYYYY^YY^NL&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M] [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.13 16:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash [2012.11.03 13:40:02 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com [2012.08.06 16:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2012.11.14 13:13:09 | 000,002,413 | ---- | M] () -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\searchplugins\askcom.xml [2012.11.03 10:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll CHR - Extension: Avira Toolbar = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.29869_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012.11.12 15:17:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 16:14:45 | 000,000,000 | ---D | C] -- C:\Windows\rescache [2012.11.14 13:50:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2012.11.14 13:50:55 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys [2012.11.14 13:50:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys [2012.11.14 13:50:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2012.11.14 13:50:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll [2012.11.14 13:50:54 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2012.11.14 13:50:54 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe [2012.11.14 13:50:54 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2012.11.14 13:50:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll [2012.11.14 13:50:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll [2012.11.14 13:50:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe [2012.11.14 13:50:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll [2012.11.14 13:50:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2012.11.14 13:50:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll [2012.11.14 13:50:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll [2012.11.14 13:46:27 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.14 13:46:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.14 13:46:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.14 13:46:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.14 13:46:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.14 13:45:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.14 13:45:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.14 13:45:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.14 13:45:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.14 13:45:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.14 13:45:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.14 13:45:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.14 13:45:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.14 13:45:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.11.14 13:09:25 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.14 13:09:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.14 13:09:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.14 13:09:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.14 13:09:20 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.14 13:09:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.14 13:09:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\temp [2012.11.12 15:12:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.12 15:12:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.12 15:12:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.12 15:05:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.12 15:05:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.12 13:58:08 | 005,000,730 | R--- | C] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe [2012.11.06 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Macromedia [2012.11.04 19:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\OnlineFotoservice [2012.11.04 19:29:14 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.03 14:31:00 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Diagnostics [2012.11.03 13:41:36 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Avira [2012.11.03 13:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.03 13:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.11.03 13:39:11 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\APN [2012.11.03 13:38:59 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.03 13:38:59 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.03 13:38:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.03 13:38:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.11.03 13:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.11.03 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris [2012.11.03 10:31:54 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.01 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\MigWiz [2012.11.01 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.10.29 17:56:42 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations [2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes [2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics [2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx ========== Files - Modified Within 30 Days ========== [2012.11.14 16:14:43 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.14 16:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.14 16:13:38 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.11.14 13:58:40 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.14 13:58:40 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.14 13:53:29 | 000,413,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.14 13:52:49 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys [2012.11.14 13:49:50 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.14 13:49:50 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.14 13:49:50 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.14 13:49:50 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.13 11:47:53 | 000,005,306 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg [2012.11.12 15:17:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.12 13:58:17 | 005,000,730 | R--- | M] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe [2012.11.07 20:06:24 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2012.11.07 17:25:00 | 000,302,592 | ---- | M] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe [2012.11.04 19:52:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.04 19:52:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.03 13:39:30 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.03 13:10:50 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012.11.03 10:42:09 | 000,001,240 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg [2012.11.02 09:42:15 | 000,003,676 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll [2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files Created - No Company Name ========== [2012.11.14 13:46:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 13:46:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.13 11:47:46 | 000,005,306 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg [2012.11.12 15:12:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.12 15:12:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.12 15:12:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.12 15:12:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.12 15:12:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.07 20:07:47 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2012.11.07 17:24:59 | 000,302,592 | ---- | C] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe [2012.11.04 19:29:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 13:39:30 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.03 11:20:46 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012.11.03 10:42:05 | 000,001,240 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg [2012.11.02 09:42:13 | 000,003,676 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg [2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll [2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe [2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll [2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited [2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox [2012.11.13 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft [2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson [2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire [2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo [2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org [2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC [2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster [2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird [2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > otl.extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.11.2012 16:42:32 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 67,89% Memory free
12,50 Gb Paging File | 11,08 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,58 Gb Free Space | 14,67% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 327,24 Gb Free Space | 70,28% Space Free | Partition Type: FAT32
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system |
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system |
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system |
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system |
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6B7CCA9D-931F-4735-A51D-035D58926208}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe |
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system |
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3AA1C41-E6CC-4C75-994B-EFD261F18F53}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.11.2012 17:52:25 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9001
Error - 12.11.2012 17:52:25 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9001
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10998
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10998
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11997
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11997
[ System Events ]
Error - 13.11.2012 12:03:21 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 14.11.2012 08:01:28 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 14.11.2012 08:01:43 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 14.11.2012 08:01:46 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 14.11.2012 08:01:46 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
Error - 14.11.2012 08:53:30 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 14.11.2012 08:53:43 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 14.11.2012 08:53:45 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 14.11.2012 08:53:45 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
Error - 14.11.2012 11:13:37 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
< End of report >
|
|
14.11.2012, 16:54
| #14 |
| | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis ICh habe die Datei nicht gefunden! die datei gibt es nur ohne den buchstaben z am schluss: also eappprxy.dll Code:
ATTFilter SHA256: b2accabdd5d8b23e502fe691c1dee4a2c0ea20edcde5b4000557579d56d411ec
SHA1: 38db296bac848eae3b23b6cd9af7980b0ef3bde2
MD5: 666e57b6b51824d1d235f80a3dd70a13
File size: 55.0 KB ( 56320 bytes )
File name: eappprxy.dll
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-11-14 15:38:22 UTC ( 0 Minuten ago )
00
Less details
Analysis
Comments
Votes
Additional information
Antivirus Result Update
Agnitum - 20121114
AhnLab-V3 - 20121114
AntiVir - 20121114
Antiy-AVL - 20121113
Avast - 20121114
AVG - 20121114
BitDefender - 20121114
ByteHero - 20121110
CAT-QuickHeal - 20121114
ClamAV - 20121114
Commtouch - 20121114
Comodo - 20121114
DrWeb - 20121114
Emsisoft - 20121114
eSafe - 20121112
ESET-NOD32 - 20121114
F-Prot - 20121114
F-Secure - 20121114
Fortinet - 20121114
GData - 20121114
Ikarus - 20121114
Jiangmin - 20121114
K7AntiVirus - 20121114
Kaspersky - 20121114
Kingsoft - 20121112
McAfee - 20121114
McAfee-GW-Edition - 20121114
Microsoft - 20121114
Norman - 20121112
nProtect - 20121114
Panda - 20121114
PCTools - 20121114
Rising - 20121114
Sophos - 20121114
SUPERAntiSpyware - 20121114
Symantec - 20121114
TheHacker - 20121113
TotalDefense - 20121113
TrendMicro - 20121114
TrendMicro-HouseCall - 20121114
VBA32 - 20121114
VIPRE - 20121114
ViRobot - 20121114
otl.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.11.2012 16:42:32 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 67,89% Memory free 12,50 Gb Paging File | 11,08 Gb Available in Paging File | 88,67% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 31,25 Gb Total Space | 4,58 Gb Free Space | 14,67% Space Free | Partition Type: NTFS Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS Drive H: | 465,64 Gb Total Space | 327,24 Gb Free Space | 70,28% Space Free | Partition Type: FAT32 Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.13 16:50:18 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.11.13 16:50:15 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe PRC - [2012.10.19 02:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.04.06 03:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe ========== Modules (No Company Name) ========== MOD - [2012.08.17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll MOD - [2012.08.17 23:28:54 | 012,236,824 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll MOD - [2012.08.17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll MOD - [2012.08.17 23:27:36 | 000,526,872 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll MOD - [2012.08.17 23:27:35 | 000,104,984 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll MOD - [2012.08.17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll MOD - [2012.08.17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll MOD - [2012.08.17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- D:\Programme\winrar\RarExt.dll ========== Services (SafeList) ========== SRV - [2012.11.13 16:50:18 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.11.04 19:52:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.01 14:04:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Programme\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jrcpower\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.01) DRV - [2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.04.06 02:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.03.05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.05.06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2009.08.04 10:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2009.07.16 11:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.07.29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2005.08.16 14:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1211U.sys -- (ZD1211U(ZyXEL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 3F 8F F3 A8 B9 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{AA4B9C3F-7F66-4975-AB57-17B0B384B733}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.10.100015 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_ptnrs=^AGY&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC&apn_dtid=^YYYYYY^YY^NL&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M] [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions [2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.13 16:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com [2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash [2012.11.03 13:40:02 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com [2012.08.06 16:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2012.11.14 13:13:09 | 000,002,413 | ---- | M] () -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\searchplugins\askcom.xml [2012.11.03 10:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll CHR - Extension: Avira Toolbar = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.29869_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012.11.12 15:17:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.14 16:14:45 | 000,000,000 | ---D | C] -- C:\Windows\rescache [2012.11.14 13:50:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2012.11.14 13:50:55 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys [2012.11.14 13:50:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys [2012.11.14 13:50:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2012.11.14 13:50:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll [2012.11.14 13:50:54 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2012.11.14 13:50:54 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe [2012.11.14 13:50:54 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2012.11.14 13:50:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll [2012.11.14 13:50:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll [2012.11.14 13:50:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe [2012.11.14 13:50:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll [2012.11.14 13:50:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2012.11.14 13:50:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll [2012.11.14 13:50:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll [2012.11.14 13:46:27 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.14 13:46:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.14 13:46:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.14 13:46:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.14 13:46:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.14 13:45:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.14 13:45:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.14 13:45:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.14 13:45:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.14 13:45:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.14 13:45:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.14 13:45:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.14 13:45:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.14 13:45:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.11.14 13:09:25 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.14 13:09:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.14 13:09:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.14 13:09:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.14 13:09:20 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.14 13:09:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.14 13:09:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\temp [2012.11.12 15:12:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.12 15:12:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.12 15:12:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.12 15:05:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.12 15:05:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.12 13:58:08 | 005,000,730 | R--- | C] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe [2012.11.06 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Macromedia [2012.11.04 19:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\OnlineFotoservice [2012.11.04 19:29:14 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.03 14:31:00 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Diagnostics [2012.11.03 13:41:36 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Avira [2012.11.03 13:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.03 13:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.11.03 13:39:11 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\APN [2012.11.03 13:38:59 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.03 13:38:59 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.03 13:38:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.03 13:38:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.11.03 13:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.11.03 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris [2012.11.03 10:31:54 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.01 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\MigWiz [2012.11.01 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.10.29 17:56:42 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations [2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes [2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics [2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx ========== Files - Modified Within 30 Days ========== [2012.11.14 16:14:43 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.14 16:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.14 16:13:38 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.11.14 13:58:40 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.14 13:58:40 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.14 13:53:29 | 000,413,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.14 13:52:49 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys [2012.11.14 13:49:50 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.14 13:49:50 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.14 13:49:50 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.14 13:49:50 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.13 11:47:53 | 000,005,306 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg [2012.11.12 15:17:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.12 13:58:17 | 005,000,730 | R--- | M] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe [2012.11.07 20:06:24 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2012.11.07 17:25:00 | 000,302,592 | ---- | M] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe [2012.11.04 19:52:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.04 19:52:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.03 13:39:30 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.03 13:10:50 | 000,001,441 | ---- | M] () -- C:\scu.dat [2012.11.03 10:42:09 | 000,001,240 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg [2012.11.02 09:42:15 | 000,003,676 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe [2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll [2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files Created - No Company Name ========== [2012.11.14 13:46:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 13:46:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.13 11:47:46 | 000,005,306 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg [2012.11.12 15:12:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.12 15:12:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.12 15:12:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.12 15:12:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.12 15:12:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.07 20:07:47 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2012.11.07 17:24:59 | 000,302,592 | ---- | C] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe [2012.11.04 19:29:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.03 13:39:30 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.03 11:20:46 | 000,001,441 | ---- | C] () -- C:\scu.dat [2012.11.03 10:42:05 | 000,001,240 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg [2012.11.02 09:42:13 | 000,003,676 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg [2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg [2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll [2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe [2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll [2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited [2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox [2012.11.13 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft [2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson [2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire [2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo [2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite [2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org [2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC [2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster [2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird [2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > otl.extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.11.2012 16:42:32 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jrcpower\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 67,89% Memory free
12,50 Gb Paging File | 11,08 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,58 Gb Free Space | 14,67% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 327,24 Gb Free Space | 70,28% Space Free | Partition Type: FAT32
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system |
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system |
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system |
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system |
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe |
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6B7CCA9D-931F-4735-A51D-035D58926208}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe |
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe |
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe |
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system |
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3AA1C41-E6CC-4C75-994B-EFD261F18F53}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe |
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe |
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe |
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe |
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe |
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe |
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe |
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe |
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.11.2012 17:52:25 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9001
Error - 12.11.2012 17:52:25 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9001
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10998
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10998
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11997
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11997
[ System Events ]
Error - 13.11.2012 12:03:21 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 14.11.2012 08:01:28 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 14.11.2012 08:01:43 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 14.11.2012 08:01:46 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 14.11.2012 08:01:46 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
Error - 14.11.2012 08:53:30 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 14.11.2012 08:53:43 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 14.11.2012 08:53:45 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description =
Error - 14.11.2012 08:53:45 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
Error - 14.11.2012 11:13:37 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description =
< End of report >
|
|
16.11.2012, 07:02
| #15 | |
| /// Helfer-Team | Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis versuche mal bitte die Datei umbennen Zitat:
Gehe in den abgesicherten modus [F8] (Link bitte unbedingt anklicken & lesen!) von windows Suche die Datei und benenne sie in einer Erweiterung von .BAD (Beispiel: eappprxyz.dll.BAD starte dein System neu berichte mir was Passiert?!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis |
| andere, anderen, beste, besten, c:\windows\system32\cmd.exe, document, funde, google, google suchergebnisse, grand theft auto, groupon, hochladen, install.exe, keine funde, klick, klicke, laufe, laufen, malwarebytes, plug-in, power, problem, schannel.dll, seite, seiten, suche, suchergebnisse, taskhost.exe, umgeleitet, umleitung, vorgehen |
.
