
Log analysis and evaluation: Google search results - redirect when clicking on the search result

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

01.11.2012, 13:22   #1
jrcpower
 
Google search results - redirect when clicking on the search result



Hello,
I have already read about my problem from others here. When I search for pages with Google and then click on the search results, I am redirected to other pages (Groupon etc.).
I ran Malwarebytes over it. No findings!
How should I best proceed now?
Which logs should I upload?

Thanks for the help
Regards, power

Here are the logs.

The extras file, OTL logfile:
Code:
OTL Extras logfile created on: 01.11.2012 13:39:53 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 59,81% Memory free
12,50 Gb Paging File | 11,02 Gb Available in Paging File | 88,17% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,89 Gb Free Space | 15,65% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 91,93 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 287,68 Gb Free Space | 61,78% Space Free | Partition Type: FAT32
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "D:\Programme\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B864C71-5215-4EAD-8A14-698651BBC057}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system | 
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B113F637-D35B-4A0C-BC37-BA468CDB0787}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.10.2012 23:11:45 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14087
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = ESENT | ID = 455
Description = Windows (2608) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003D0.log.
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 01.11.2012 03:58:59 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 01.11.2012 05:21:35 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 01.11.2012 05:21:50 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 01.11.2012 05:21:50 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 01.11.2012 05:21:49 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 01.11.2012 07:52:47 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 01.11.2012 07:53:03 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 01.11.2012 07:53:06 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 01.11.2012 07:53:06 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
 
< End of report >
         
--- --- ---

Here is the OTL file.
OTL Logfile:
Code:
OTL logfile created on: 01.11.2012 13:39:53 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 59,81% Memory free
12,50 Gb Paging File | 11,02 Gb Available in Paging File | 88,17% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,89 Gb Free Space | 15,65% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 91,93 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 287,68 Gb Free Space | 61,78% Space Free | Partition Type: FAT32
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\jrcpower\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Mozilla Firefox\js3250.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - D:\Programme\winrar\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AMD FUEL Service) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AODDriver4.1) -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (EverestDriver) -- D:\Programme\EVEREST Home Edition\kerneld.wnt ()
DRV - (ZD1211U(ZyXEL) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 5E 3F 57 AD 55 CB 01  [binary data]
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q={searchTerms}
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28
FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.04 10:37:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.09.04 10:37:37 | 000,000,000 | ---D | M]
 
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.16 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.10.31 21:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.04.18 13:00:45 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.10.29 17:39:29 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2010.11.03 17:07:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.18 13:00:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\engine@conduit.com
[2012.10.29 17:39:34 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash
[2010.09.22 20:01:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\vshare@toolbar
[2012.10.24 23:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.24 23:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.24 23:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.03.18 21:22:57 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2012.03.18 21:22:57 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2012.03.18 21:22:57 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2012.07.27 21:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2012.05.24 09:42:44 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012.05.24 09:42:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012.10.29 17:39:33 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.18 20:03:31 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programme\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.29 17:56:42 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.29 17:43:24 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\LavasoftStatistics
[2012.10.29 17:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations
[2012.10.29 17:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012.10.29 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\adawarebp
[2012.10.29 17:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.10.29 17:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012.10.29 17:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012.10.29 17:37:33 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus
[2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes
[2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.27 15:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.26 18:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
[2012.10.24 23:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics
[2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.10 22:37:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 22:36:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.10 22:36:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.10 22:36:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 22:36:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 22:36:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 22:36:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 22:36:40 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.10 22:36:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.03 14:39:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\restore
[2012.10.03 14:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2012.10.03 14:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2012.10.03 14:31:36 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\Desktop\Mein CEWE FOTOBUCH
[2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.11.01 12:57:52 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.01 12:57:52 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.01 12:57:06 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.01 12:57:06 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.01 12:57:06 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.01 12:57:06 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.01 12:52:45 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\CYPCPMEOI.job
[2012.11.01 12:52:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.01 12:52:36 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.01 10:48:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001UA.job
[2012.11.01 08:58:09 | 000,412,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.29 18:48:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001Core.job
[2012.10.29 17:56:42 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.27 15:55:36 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll
 
========== Files Created - No Company Name ==========
 
[2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll
[2012.10.24 13:34:12 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\CYPCPMEOI.job
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe
[2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll
[2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.11.07 09:43:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.11.07 09:43:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.31 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus
[2012.07.17 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Babylon
[2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited
[2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox
[2012.07.26 20:08:20 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft
[2012.07.22 10:20:13 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson
[2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire
[2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo
[2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org
[2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC
[2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird
[2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         

01.11.2012, 17:23   #2
kira
/// Helper Team
 

Hello and welcome!

Before we start working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - in other words, any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - in the log lists or log files you use, you can replace things such as your real name, serial numbers in programs, etc. with [X] or asterisks (*)
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting first! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
Assistance - planned procedure:
  • Finding the problem
  • Problem removal/system cleanup
  • Uninstalling/removing the programs used
  • Closing the thread: tips on computer security
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Uninstall:
Code:
"Ad-Aware Free": now runs with antivirus protection!

Use only one firewall and one antivirus program, which should always be kept up to date!

More AV programs does not mean more security! The scanners get in each other's way (when both have the on-access scan enabled or run constantly in the background), and a system crash can be the result or, in the worst case, you can look forward to a complete reinstallation! So uninstall one of the AV programs and leave only one running on your PC.
Before you install another antivirus program, you should in any case completely uninstall the previous one!

2.
Run another system scan with OTL
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Tick the LOP and Purity checks
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set it to "Deutsch".
  • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
  • A text file is created automatically; post this log file too (i.e. the list of all installed programs... a text file)

Quote:
To keep your thread clearer and nicely readable, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes in here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet, no online banking, file sharing, chat programs, etc.
Regards
kira
02.11.2012, 09:47   #3
jrcpower
 

OK, thanks for the reply

Ad-Aware uninstalled - completely.

Here are the logs:
otl.txt

OTL Logfile:
Code:
OTL logfile created on: 02.11.2012 09:37:45 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 60,32% Memory free
12,50 Gb Paging File | 11,12 Gb Available in Paging File | 88,96% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,84 Gb Free Space | 15,50% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 91,94 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\jrcpower\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Avira\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll ()
MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll ()
MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll ()
MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll ()
MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll ()
MOD - C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - D:\Programme\winrar\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AMD FUEL Service) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Programme\Avira\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AODDriver4.1) -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (EverestDriver) -- D:\Programme\EVEREST Home Edition\kerneld.wnt ()
DRV - (ZD1211U(ZyXEL) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 5E 3F 57 AD 55 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = $currentSearchProvider
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2
FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q="
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.04 10:37:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.09.04 10:37:37 | 000,000,000 | ---D | M]
 
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.02 09:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.04.18 13:00:45 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.11.03 17:07:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.18 13:00:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\engine@conduit.com
[2012.10.29 17:39:34 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash
[2010.09.22 20:01:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\vshare@toolbar
[2012.10.24 23:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.24 23:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.24 23:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\JRCPOWER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1MCEEEQ.DEFAULT\EXTENSIONS\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
[2012.10.29 17:39:33 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\jrcpower\AppData\Local\adawarebp" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.01 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\MigWiz
[2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.29 17:56:42 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.29 17:43:24 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\LavasoftStatistics
[2012.10.29 17:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations
[2012.10.29 17:39:40 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\adawarebp
[2012.10.29 17:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.10.29 17:37:33 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus
[2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes
[2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.27 15:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.26 18:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
[2012.10.24 23:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics
[2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.10 22:37:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 22:36:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.10 22:36:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.10 22:36:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 22:36:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 22:36:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 22:36:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 22:36:40 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.10 22:36:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.03 14:39:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\restore
[2012.10.03 14:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2012.10.03 14:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2012.10.03 14:31:36 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\Desktop\Mein CEWE FOTOBUCH
[2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.02 09:36:59 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 09:36:59 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 09:36:13 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.02 09:36:13 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.02 09:36:13 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.02 09:36:13 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.02 09:31:55 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\CYPCPMEOI.job
[2012.11.02 09:31:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.02 09:31:45 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.01 15:48:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001UA.job
[2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.11.01 08:58:09 | 000,412,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.29 18:48:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001Core.job
[2012.10.29 17:56:42 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.27 15:55:36 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll
 
========== Files Created - No Company Name ==========
 
[2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll
[2012.10.24 13:34:12 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\CYPCPMEOI.job
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe
[2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll
[2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.11.07 09:43:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.11.07 09:43:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.31 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus
[2012.07.17 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Babylon
[2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited
[2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox
[2012.07.26 20:08:20 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft
[2012.07.22 10:20:13 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson
[2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire
[2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo
[2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org
[2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC
[2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird
[2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Here is the other text file
extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 02.11.2012 09:37:45 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 60,32% Memory free
12,50 Gb Paging File | 11,12 Gb Available in Paging File | 88,96% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,84 Gb Free Space | 15,50% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 91,94 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "D:\Programme\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system | 
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.10.2012 23:11:45 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14087
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = ESENT | ID = 455
Description = Windows (2608) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003D0.log.
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 01.11.2012 03:58:28 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 01.11.2012 03:58:29 | Computer Name = jrcpower-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 01.11.2012 05:21:50 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 01.11.2012 05:21:49 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 01.11.2012 07:52:47 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 01.11.2012 07:53:03 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 01.11.2012 07:53:06 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 01.11.2012 07:53:06 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 02.11.2012 04:31:56 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 02.11.2012 04:32:12 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 02.11.2012 04:32:16 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 02.11.2012 04:32:16 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
 
< End of report >
         

And last but not least: the text file from CCleaner

Code:
ATTFilter
BYY FineReader 9.0 Sprint	ABBYY	15.02.2012		9.01.513.58212
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	29.10.2012	6,00MB	10.3.183.29
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	04.09.2012	118MB	10.1.4
AMD Catalyst Install Manager	Advanced Micro Devices, Inc.	02.10.2012	20,2MB	8.0.881.0
Apple Application Support	Apple Inc.	24.05.2012	61,0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	24.05.2012	24,3MB	5.1.1.4
Apple Software Update	Apple Inc.	22.04.2012	2,38MB	2.1.3.127
Assassin's Creed Revelations	Ubisoft	19.12.2011		1.01
Avira Free Antivirus	Avira	12.09.2012	124MB	12.0.0.1199
Batman: Arkham Asylum	Eidos Interactive Limited	03.08.2012		1.0.0.0
Batman: Arkham City™	WB Games	27.11.2011		1.0.0000.131
Bonjour	Apple Inc.	24.05.2012	1,02MB	3.0.0.10
CCleaner	Piriform	24.10.2012		3.24
CDBurnerXP	CDBurnerXP	16.06.2012	12,1MB	4.4.1.3184
DivX-Setup	DivX, LLC	25.06.2012		2.6.1.9
Dropbox	Dropbox, Inc.	02.06.2012		1.4.7
EA Download Manager UI	Electronic Arts	23.09.2010		6.0.4.124
EVEREST Home Edition v2.20	Lavalys Inc	20.08.2012		2.20
Free YouTube Download version 3.1.31.706	DVDVideoSoft Ltd.	22.07.2012	87,1MB	3.1.31.706
Free YouTube to MP3 Converter version 3.8	DVDVideoSoft Limited.	03.11.2010	32,0MB	
FUSSBALL MANAGER 12	Electronic Arts	21.03.2012	6,56GB	1.0.0.3
Google Chrome	Google Inc.	03.10.2010		21.0.1180.83
Grand Theft Auto IV	Rockstar Games	29.10.2010		1.00.0000
HotPotatoes v 6.3.0.4	HalfBaked	12.09.2012		
IrfanView (remove only)	Irfan Skiljan	01.11.2012	1,50MB	4.32
iTunes	Apple Inc.	24.05.2012	156MB	10.6.1.7
Java(TM) 6 Update 37	Oracle	09.09.2012	95,7MB	6.0.370
Logitech Touch Mouse Server 1.0	Logitech Inc.	05.06.2012		1.0
Lost Horizon	Deep Silver	29.08.2012		1.00
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	29.10.2012	19,4MB	1.65.1.1000
Mein CEWE FOTOBUCH	CEWE COLOR AG u Co. OHG	31.10.2012	238MB	4.8.5
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	21.09.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	21.09.2010	2,93MB	4.0.30319
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	21.02.2012	31,3MB	3.5.92.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	27.11.2011	6,03MB	3.5.50.0
Microsoft Primary Interoperability Assemblies 2005	Microsoft Corporation	04.10.2010	7,71MB	8.0.50727.42
Microsoft Silverlight	Microsoft Corporation	03.09.2012	83,0MB	5.1.10411.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	26.01.2012	252KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	03.08.2012	2,38MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	02.11.2011	234KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	04.10.2010	240KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	16.09.2010	596KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	27.11.2011	1,19MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	14.05.2012	12,2MB	10.0.40219
Mozilla Maintenance Service	Mozilla	13.10.2012	216KB	16.0.1
Mozilla Thunderbird 16.0.1 (x86 de)	Mozilla	13.10.2012	42,1MB	16.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	11.10.2010	35,0KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	11.10.2010	1,33MB	4.20.9876.0
NVIDIA PhysX	NVIDIA Corporation	03.08.2012	120MB	9.09.0814
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH	29.08.2012		11.0.0.14
QuickTime	Apple Inc.	24.05.2012	73,2MB	7.72.80.56
Rockstar Games Social Club	Rockstar Games	29.10.2010		1.00.0000
Skype Toolbars	Skype Technologies S.A.	29.10.2010	7,83MB	5.0.4126
Skype™ 5.10	Skype Technologies S.A.	16.08.2012	36,2MB	5.10.116
SopCast 3.5.0	www.sopcast.com	04.03.2012		3.5.0
Ubisoft Game Launcher	UBISOFT	23.09.2010		1.0.0.0
Uninstall 1.0.0.1		03.11.2010	10,5MB	
Windows Live ID Sign-in Assistant	Microsoft Corporation	27.11.2011	5,51MB	6.500.3165.0
Windows Media Player Firefox Plugin	Microsoft Corp	14.08.2012	296KB	1.0.0.8
WinRAR		10.11.2010		
Zarb in OpenOffice 4.1	Hans Zybura Software	12.09.2012	4,12MB	4.1
         
Thanks for working on this!
__________________

02.11.2012, 17:55   #4
kira
/// Helper Team


System cleanup and check:

► Once you have completed all the steps, report back with the requested results!
Only report in the meantime if problems occur!

1.
Quote:
Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code" (starting with :OTL and ending with [emptytemp]), without the word "code"!:
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2
FF - prefs.js..keyword.URL: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8ED79CB93711742258EEFB508EB1445D&q="
[2011.04.18 13:00:45 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.18 13:00:50 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\engine@conduit.com
[2012.10.29 17:39:34 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2010.09.22 20:01:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\vshare@toolbar
[2012.10.29 17:39:33 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found.
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\jrcpower\AppData\Local\adawarebp" /s /q File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found

:Files
C:\Users\jrcpower\AppData\Roaming\LavasoftStatistics
C:\ProgramData\Lavasoft
C:\Users\jrcpower\AppData\Roaming\LavasoftStatistics
C:\ProgramData\Lavasoft
C:\Users\jrcpower\AppData\Local\adawarebp
C:\ProgramData\Ad-Aware Browsing Protection
C:\Users\jrcpower\AppData\Roaming\Ad-Aware Antivirus
C:\Users\jrcpower\AppData\Roaming\Babylon

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Uninstall the old Java version, install the new one:
Code:
ATTFilter
Java(TM) 6 Update 37
         
Check the Java version and update it if necessary: -> click here!
Make sure not to install any toolbars that may be offered, i.e. uncheck the toolbar box during installation.

3.
Tips - Microsoft's Internet Explorer is part of the basic Windows installation, so like all other installed software it must be maintained! Even if you do not use it!:
-> Tips for Internet Explorer
-> Change the Explorer's default search engine
-> Change or select a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?

4.
Close all programs/windows
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

5.
Preparation
  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable during the online scans:
    antivirus program and firewall.
  • Start Internet Explorer => in the menu under Tools => Internet Options => Privacy => uncheck "Turn on Pop-up Blocker" and
  • on the "Security" tab => lower the security level to "Medium-high" if necessary.
    Do not forget to turn them back on afterwards and restore the Internet options to their previous settings.
  • Refrain from other online activity during the online scans.
  • You must allow ActiveX controls to be downloaded and installed.

ONLY scan the PC online and do NOT install a second antivirus program!!!
  • Eset Online Scanner (NOD32)
    • Supported operating systems: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Note for Vista and Windows 7 users: be sure to start the browser as administrator.
    • Disable your antivirus program during the scan.
    • Press the "ESET Online Scanner" button.
    • IE users must allow the installation of an ActiveX element.
    • Check "YES, I accept the Terms of Use." and press the "Start" button.
    • Check "Remove found threats" and "Scan archives".
    • Press Start.
    • Signatures are downloaded.
    • The scan starts automatically.
    • When finished, save the log and post it for me.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantined files
    • Press Finish.
    • Close the browser.
    • Uninstall after you have posted the log for me: Control Panel => Add or Remove Programs => remove Eset Online Scanner V3.
    • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

6.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

03.11.2012, 13:39   #5
jrcpower

Hello,

First of all: the problems are still there.
The redirection still happens
and the Windows Security Center cannot be activated.
I guess I have to reinstall the PC, right?

Here are the files/logs

ESET

Code:
ATTFilter
C:\Users\jrcpower\Downloads\flash-downloader (1).exe	a variant of Win32/InstallShare.A application	cleaned by deleting - quarantined
C:\Users\jrcpower\Downloads\flash-downloader (2).exe	a variant of Win32/InstallShare.A application	cleaned by deleting - quarantined
C:\Users\jrcpower\Downloads\flash-downloader.exe	a variant of Win32/InstallShare.A application	cleaned by deleting - quarantined
H:\JRCPOWER-PC\Backup Set 2012-11-01 140804\Backup Files 2012-11-01 140804\Backup files 6.zip	a variant of Win32/InstallShare.A application	deleted - quarantined
         
OTL logs

Extras

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.11.2012 13:21:51 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 68,54% Memory free
12,50 Gb Paging File | 11,61 Gb Available in Paging File | 92,92% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 5,17 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,14 Gb Free Space | 45,70% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 310,30 Gb Free Space | 66,64% Space Free | Partition Type: FAT32
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "D:\Programme\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "D:\Programme\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6B7CCA9D-931F-4735-A51D-035D58926208}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system | 
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3AA1C41-E6CC-4C75-994B-EFD261F18F53}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.11.2012 22:43:46 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5024
 
Error - 02.11.2012 22:43:46 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5024
 
Error - 02.11.2012 22:43:47 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.11.2012 22:43:47 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6022
 
Error - 02.11.2012 22:43:47 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6022
 
Error - 02.11.2012 22:43:48 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.11.2012 22:43:48 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020
 
Error - 02.11.2012 22:43:48 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error - 02.11.2012 22:43:49 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.11.2012 22:43:49 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8019
 
Error - 02.11.2012 22:43:49 | Computer Name = jrcpower-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8019
 
[ System Events ]
Error - 03.11.2012 05:33:18 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 03.11.2012 05:33:18 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 03.11.2012 05:43:16 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 03.11.2012 05:43:31 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 03.11.2012 05:43:34 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 03.11.2012 05:43:34 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 03.11.2012 05:50:57 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 03.11.2012 05:51:05 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 03.11.2012 05:51:13 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 03.11.2012 05:51:13 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
 
< End of report >
         
--- --- ---


otl
OTL Logfile:
Code:
OTL logfile created on: 03.11.2012 13:21:51 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 68,54% Memory free
12,50 Gb Paging File | 11,61 Gb Available in Paging File | 92,92% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 5,17 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,14 Gb Free Space | 45,70% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 310,30 Gb Free Space | 66,64% Space Free | Partition Type: FAT32
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\jrcpower\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Temp\AVSETUP_5094e86c\setup.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - D:\Programme\winrar\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AMD FUEL Service) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AODDriver4.1) -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (EverestDriver) -- D:\Programme\EVEREST Home Edition\kerneld.wnt ()
DRV - (ZD1211U(ZyXEL) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 3F 8F F3 A8 B9 CD 01  [binary data]
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M]
 
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.03 10:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.11.03 17:07:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash
[2012.11.03 10:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.03 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2012.11.03 10:31:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.01 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\MigWiz
[2012.11.01 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.29 17:56:42 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations
[2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes
[2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.26 18:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
[2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics
[2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.13 14:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.10 22:37:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 22:36:53 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.10 22:36:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.10 22:36:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 22:36:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 22:36:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 22:36:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 22:36:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 22:36:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 22:36:40 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.10 22:36:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 13:10:50 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.11.03 12:48:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001UA.job
[2012.11.03 10:56:00 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 10:56:00 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 10:55:10 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.03 10:55:10 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.03 10:55:10 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.03 10:55:10 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.03 10:50:57 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\CYPCPMEOI.job
[2012.11.03 10:50:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 10:50:35 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.03 10:42:09 | 000,001,240 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg
[2012.11.02 09:42:15 | 000,003,676 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg
[2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.11.01 08:58:09 | 000,412,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.29 18:48:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1294034856-2273291575-2137914815-1001Core.job
[2012.10.29 17:56:42 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll
 
========== Files Created - No Company Name ==========
 
[2012.11.03 11:20:46 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.11.03 10:42:05 | 000,001,240 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg
[2012.11.02 09:42:13 | 000,003,676 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg
[2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll
[2012.10.24 13:34:12 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\CYPCPMEOI.job
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe
[2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll
[2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.11.07 09:43:12 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.11.07 09:43:12 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited
[2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox
[2012.07.26 20:08:20 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft
[2012.07.22 10:20:13 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson
[2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire
[2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo
[2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org
[2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC
[2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird
[2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Unfortunately I didn't save the text file after the OTL fix....

Thanks for the help

Regards


03.11.2012, 21:26   #6
kira
/// Helper team
 



1.
Do you recognize this?:
Code:
ATTFilter
C:\Windows\tasks\CYPCPMEOI.job
         
under Start > Accessories > System Tools > Task Scheduler
or
under Control Panel -> System and Security -> Administrative Tools, the item "Task Scheduler"
If not, you can delete it.

2.
Quote:
Attention, important!:
If you made changes to the log file yourself, you must replace them with the original names and paste them into the script that way! Otherwise it will not work!
(User folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, that is, everything in the code box after "Code" (beginning with :OTL and ending with [emptytemp]), without the word "code":
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - homepage: http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

3.
For 32-bit systems only
To get a deeper look into your system and detect a possible rootkit infection (info from wikipedia.org), we will use a tool, Gmer:

Instructions: -> Rootkit scan with Gmer
IF the GMER tool CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step!

4.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has settled into the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, apply these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    A command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), enter the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click the title bar => Edit => Paste.
    Code:
    ATTFilter
    mbr.exe -t > C:\mbr.log & C:\mbr.log
             
    (press Enter)
  • After a short time your editor will open, showing the file C:\mbr.log.
    Please copy its contents here into your thread.

Last edited by kira (03.11.2012 at 21:37)
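
The task file asked about in step 1 can serve as a pivot in the OTL file listing. The sketch below is an added example, not part of the thread and not OTL's own code: it parses OTL's file-listing lines and returns everything created within a few seconds of a named file, so those entries can be reviewed together with it. The sample lines are copied from the log posted above; the function names, the flag labels and the 2-second window are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Lines copied from the OTL log posted earlier in this thread.
SAMPLE = r"""
========== Files Created - No Company Name ==========

[2012.11.03 11:20:46 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll
[2012.10.24 13:34:12 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\CYPCPMEOI.job
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.03 10:50:57 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\CYPCPMEOI.job
"""

# [timestamp | size | attributes | C or M] (company) -- path
# The "(company)" part is absent on directory lines.
LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    attrs: str    # e.g. "RHS-" = read-only, hidden, system
    kind: str     # "C" = created, "M" = modified
    company: str  # empty when OTL found no company name
    path: str


def parse_otl_files(text):
    """Parse OTL file-listing lines; section headers and other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def co_created(entries, anchor_name, window=timedelta(seconds=2)):
    """Entries created within `window` of the file whose path ends with anchor_name."""
    created = [e for e in entries if e.kind == "C"]
    anchors = [e for e in created if e.path.lower().endswith(anchor_name.lower())]
    hits = []
    for a in anchors:
        for e in created:
            if e.path != a.path and abs(e.when - a.when) <= window and e not in hits:
                hits.append(e)
    return hits


def flags(entry):
    """Triage hints for one entry; these are review prompts, not verdicts."""
    out = []
    if not entry.company and "D" not in entry.attrs:
        out.append("no-company-name")
    if "H" in entry.attrs and "S" in entry.attrs:
        out.append("hidden+system")
    if entry.path.lower().startswith("c:\\windows\\system32\\"):
        out.append("in-system32")
    return out


if __name__ == "__main__":
    for e in co_created(parse_otl_files(SAMPLE), "CYPCPMEOI.job"):
        print(e.when, e.attrs, e.path, flags(e))
```
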

07.11.2012, 20:11   #7
jrcpower
 



mbr
Code:
ATTFilter
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 Disk: SAMSUNG_SP2504C rev.VT100-41 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-5 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
1 ntkrnlpa!IofCallDriver[0x82C7CBC5] -> \Device\Harddisk0\DR0[0x863D49A8]
3 CLASSPNP[0x8BF9F59E] -> ntkrnlpa!IofCallDriver[0x82C7CBC5] -> [0x86288F08]
5 ACPI[0x8B9B43D4] -> ntkrnlpa!IofCallDriver[0x82C7CBC5] -> \Device\Ide\IdeDeviceP3T1L0-5[0x85E89030]
kernel: MBR read successfully
user & kernel MBR OK
         
gmer
[code]
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-07 20:10:04
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-5 SAMSUNG_SP2504C rev.VT100-41
Running: 2j5q1n4t.exe; Driver: C:\Users\jrcpower\AppData\Local\Temp\uwddrkoc.sys


---- System - GMER 1.0.15 ----

SSDT            918E8EF6                                                                                                 ZwCreateSection
SSDT            918E8F00                                                                                                 ZwRequestWaitReplyPort
SSDT            918E8EFB                                                                                                 ZwSetContextThread
SSDT            918E8F05                                                                                                 ZwSetSecurityObject
SSDT            918E8F0A                                                                                                 ZwSystemDebugControl
SSDT            918E8E97                                                                                                 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                 82C83A49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                   82CBD4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                      82CC462C 4 Bytes  [F6, 8E, 8E, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                      82CC4988 4 Bytes  [00, 8F, 8E, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                      82CC49CC 4 Bytes  [FB, 8E, 8E, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                      82CC4A48 4 Bytes  [05, 8F, 8E, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                      82CC4A9C 4 Bytes  [0A, 8F, 8E, 91]
.text           ...                                                                                                      
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                 section is writeable [0x92021000, 0x3DBAA0, 0xE8000020]
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                 entry point in ".vmp2" section [0x98F9569D]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\system32\rundll32.exe[1580] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [755DFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000054                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:1212]                                                                                          A1B04F2E

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Thanks

07.11.2012, 20:51   #8
kira
/// Helper Team

1.
Before the next step, i.e. before we continue:
Since something can happen at any time, if you have important data that you want to back up, I recommend that you do it now (such as pictures, music, etc.)
Note: the backed-up data must not contain any "executable files"! - File extensions - This is a list of file extensions that can denote files containing executable code.
Regardless of an infection (because a hard disk can also fail, or there may be other technical problems), you should make backups regularly and keep them in a safe place, such as CDs and DVDs, external hard disks and/or USB sticks.
Please do that now!


2.
Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, not anywhere else, that is important!
Follow the detailed original instructions.

Combofix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows 2000 (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)

Preparation and important notes
  • While scanning with Combofix, please disable antivirus and antispyware programs, the firewall and any script blocking (Norton) that may be present.
  • List of programs to disable.
    If anything is unclear, please ask first.
  • Please do not click into the Combofix window while Combofix is running.
  • That could freeze or hang your system.
  • The scan can take about a quarter of an hour to finish.
  • ComboFix will reset your screen saver settings.
  • You can change these settings again after our cleanup is finished.
  • Do not do anything else if you did not manage to get Combofix to run.
  • Tell us and wait for our instructions.

Quick guide to installing the Recovery Console under XP
  • Double-click ComboFix.exe and follow the instructions.
  • Accept the terms (disclaimer) with "Yes".
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed.
    This is part of the process. Given the kinds of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
  • Follow the instructions to allow ComboFix to download and install the Recovery Console, and agree to the license agreement (EULA) as soon as you are prompted.
** For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the scan for malware.

When ComboFix is finished, it will create a log (please wait, this takes a moment).
Be sure to wait until the Combofix window has closed and the log file appears in the editor.
Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.

Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or cause lasting damage!
__________________

Warning!:
Beware of invoices sent by email with a ZIP file attached! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard disks, ideally twice in different locations!
Please pass this warning on wherever you can!

12.11.2012, 15:20   #9
jrcpower

Combofix Logfile:
Code:
ComboFix 12-11-12.02 - jrcpower 12.11.2012  15:13:39.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3327.2470 [GMT 1:00]
ausgeführt von:: c:\users\jrcpower\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-12 bis 2012-11-12  ))))))))))))))))))))))))))))))
.
.
2012-11-12 14:17 . 2012-11-12 14:18	--------	d-----w-	c:\users\jrcpower\AppData\Local\temp
2012-11-07 19:07 . 2012-11-07 19:06	89088	----a-w-	c:\windows\system32\mbr.exe
2012-11-06 17:26 . 2012-11-06 17:26	--------	d-----w-	c:\users\jrcpower\AppData\Local\Macromedia
2012-11-04 18:46 . 2012-11-04 18:46	--------	d-----w-	c:\program files\OnlineFotoservice
2012-11-04 18:29 . 2012-11-04 18:52	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-03 13:31 . 2012-11-03 13:32	--------	d-----w-	c:\users\jrcpower\AppData\Local\Diagnostics
2012-11-03 12:41 . 2012-11-03 12:41	--------	d-----w-	c:\users\jrcpower\AppData\Roaming\Avira
2012-11-03 12:39 . 2012-11-03 12:39	--------	d-----w-	c:\program files\Ask.com
2012-11-03 12:39 . 2012-11-03 12:39	--------	d-----w-	c:\users\jrcpower\AppData\Local\APN
2012-11-03 12:38 . 2012-10-04 11:07	133824	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-03 12:38 . 2012-09-24 08:58	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-03 12:38 . 2012-09-13 09:58	83792	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-03 12:38 . 2012-11-03 12:38	--------	d-----w-	c:\program files\Avira
2012-11-03 09:31 . 2012-11-03 09:31	--------	d-----w-	C:\_OTL
2012-11-01 13:09 . 2012-11-02 08:42	--------	dc----w-	c:\users\jrcpower\AppData\Local\MigWiz
2012-11-01 13:04 . 2012-11-02 08:51	--------	d-----w-	c:\program files\Mozilla Thunderbird
2012-10-31 22:20 . 2012-10-31 22:20	--------	d-----w-	c:\program files\CCleaner
2012-10-29 16:56 . 2012-11-04 18:52	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-29 16:39 . 2012-10-29 16:39	--------	d-----w-	c:\users\jrcpower\AppData\Local\Downloaded Installations
2012-10-29 16:20 . 2012-10-29 16:20	--------	d-----w-	c:\users\jrcpower\AppData\Roaming\Malwarebytes
2012-10-29 16:19 . 2012-10-29 16:19	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-29 16:19 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-24 22:36 . 2012-11-03 13:32	--------	d-----w-	c:\users\jrcpower\AppData\Local\ElevatedDiagnostics
2012-10-24 12:34 . 2012-10-24 12:34	86016	--sha-r-	c:\windows\system32\eappprxyz.dll
2012-10-24 11:34 . 2012-10-24 11:34	--------	d-----w-	c:\users\jrcpower\AppData\Roaming\K-Pacs-Lite
2012-10-23 11:46 . 2012-10-12 05:56	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B728FD8-758B-494B-83B6-FECB4816BEF3}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 13:32 . 2012-09-09 08:54	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2010-11-08 16:32	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-14 18:28 . 2012-10-10 21:37	2048	----a-w-	c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 21:36	1211760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-10 21:36	3914096	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 21:36	3968880	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-10 21:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-08-22 17:16 . 2012-09-12 13:13	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 13:13	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 13:13	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 13:13	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 14:29	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40 . 2012-10-10 21:36	169984	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 21:36	293376	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 21:36	271360	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 21:36	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 21:36	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 21:36	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 21:36	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 21:36	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2003-03-21 11:45 . 2012-09-12 13:46	250544	----a-w-	c:\program files\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-19 01:26	1521872	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-19 1573584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-10-16 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZyXEL G-220 Utility GUI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZyXEL G-220 Utility GUI.lnk
backup=c:\windows\pss\ZyXEL G-220 Utility GUI.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^jrcpower^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^jrcpower^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Touch Mouse Server.lnk]
path=c:\users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk
backup=c:\windows\pss\Logitech Touch Mouse Server.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^jrcpower^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54	91520	----a-w-	c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09	421736	----a-w-	d:\programme\ITunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56	421888	----a-w-	d:\programme\qt\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-08-06 11:44	642216	----a-w-	d:\programme\ATI.ACE\Core-Static\CLIStart.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 MBAMService;MBAMService;d:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\programme\EVEREST Home Edition\kerneld.wnt [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL);c:\windows\system32\DRIVERS\zd1211u.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;d:\programme\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 AODDriver4.1;AODDriver4.1;d:\programme\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 MBAMScheduler;MBAMScheduler;d:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 18:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\jrcpower\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_ptnrs=^AGY&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC&apn_dtid=^YYYYYY^YY^NL&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\d:\programme\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1294034856-2273291575-2137914815-1001\Software\SecuROM\License information*]
"datasecu"=hex:eb,9c,6f,d8,01,c6,dc,7f,db,91,cd,99,3a,97,49,47,b7,37,bc,eb,8d,
   2b,c7,f4,c7,a5,c0,0f,b9,98,7d,f4,30,e9,78,27,d9,30,05,a3,7e,ba,fd,73,b0,eb,\
"rkeysecu"=hex:5a,9a,70,98,d4,f4,4d,88,b1,95,00,ee,42,db,7f,ba
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-12  15:19:12
ComboFix-quarantined-files.txt  2012-11-12 14:19
.
Vor Suchlauf: 5.116.796.928 Bytes frei
Nach Suchlauf: 5.027.790.848 Bytes frei
.
- - End Of File - - EEB33D7A928949392005D27C6F5E3C14
         
--- --- ---
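
A triage pass over the file-listing lines of the ComboFix log above, as an added example that is not part of the original thread or of any tool used in it. It flags files that carry both the system and hidden attributes, and files in system32 whose name is one edit away from a name the analyst already knows. Assumptions: the attribute column uses the usual Windows letters (d = directory, s = system, h = hidden), the function names are hypothetical, and the `known_names` list is supplied by the analyst (here it holds the one name reported later in this thread).

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample: six file-listing lines taken from the ComboFix log above,
# with the tab separators replaced by spaces.
SAMPLE = r"""
2012-11-07 19:07 . 2012-11-07 19:06  89088  ----a-w-  c:\windows\system32\mbr.exe
2012-11-04 18:29 . 2012-11-04 18:52  696760  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-11-03 12:38 . 2012-10-04 11:07  133824  ----a-w-  c:\windows\system32\drivers\avipbb.sys
2012-10-24 12:34 . 2012-10-24 12:34  86016  --sha-r-  c:\windows\system32\eappprxyz.dll
2012-10-24 11:34 . 2012-10-24 11:34  --------  d-----w-  c:\users\jrcpower\AppData\Roaming\K-Pacs-Lite
2012-08-20 17:32 . 2012-10-10 21:36  5120  ---ha-w-  c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
"""

# Two timestamps, size (dashes for a directory), 8-character attribute column, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-+)\s+([a-z-]{8})\s+(.+?)\s*$"
)


@dataclass
class Entry:
    stamps: Tuple[str, str]   # the two timestamps, in log order
    size: Optional[int]       # None when the size column holds dashes
    attrs: str                # attribute column exactly as logged
    path: str


def parse(log: str) -> List[Entry]:
    """Return one Entry per file-listing line; banners and '.' lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m.group(3)) if m.group(3).isdigit() else None
        entries.append(Entry((m.group(1), m.group(2)), size, m.group(4), m.group(5)))
    return entries


def within_one_edit(a: str, b: str) -> bool:
    """True if a != b and a single insert, delete or substitution maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # a is now the shorter or equal-length string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # exactly one substituted character
    return a[i:] == b[i + 1:]            # exactly one extra character in b


def triage(entries: Iterable[Entry], known_names: Iterable[str]):
    """Return (path, reasons) for every file that trips at least one heuristic."""
    known = [k.lower() for k in known_names]
    findings = []
    for e in entries:
        if e.attrs.startswith("d"):      # directories are not candidates
            continue
        name = ntpath.basename(e.path).lower()
        folder = ntpath.dirname(e.path).lower()
        reasons = []
        if "s" in e.attrs and "h" in e.attrs:
            reasons.append("system+hidden")
        if folder.endswith("\\system32") and any(within_one_edit(name, k) for k in known):
            reasons.append("look-alike name")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse(SAMPLE), ["eappprxy.dll"]):
        print(path, "->", ", ".join(reasons))
```

A file flagged this way is only a candidate for closer inspection, such as the VirusTotal check requested later in the thread. Because it is marked hidden and system, it will not show up in Explorer under default folder settings.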

13.11.2012, 04:17   #10
kira
/// Helper Team

► Have the problems been resolved?

13.11.2012, 11:55   #11
jrcpower

Hello,

the problems were fixed!
However, when I started the PC this morning, they were back.
The Security Center was suddenly disabled again and the redirects were back. Yesterday evening everything worked normally.
I guess the only thing that helps is wiping the PC, right?


Best regards
jrc

14.11.2012, 05:03   #12
kira
/// Helper Team

1.
File check
Have the following file(s) (see code box) checked online at VirusTotal.
File(s) to check:
Code:
C:\Windows\System32\eappprxyz.dll
         
  • Click "Choose File"
  • Have your computer search for ""
  • When you have found the file, click on it and then on "Scan it"
  • If VirusTotal reports that the file has already been checked ("File already analysed"), have it checked again anyway using the Reanalyse button.
  • Once VirusTotal has received the file, it will check it with several antivirus scanners and display the results.
  • When the result is available: select -> copy -> paste here (no matter what it looks like, do not leave anything out, copy the complete result in as displayed, including the lines with the name and size of the file, MD5 and SHA1) and post it here. If you cannot find or upload the file(s), let us know that as well. If you cannot find the file(s), check whether the following settings are set correctly.
    ► Or select the results with <Ctrl><A> -> copy with <Ctrl><C> -> paste here with <Ctrl><V>

Example - the VirusTotal log file to be posted should look like this. So do not leave anything out, but copy it in as you receive it!:
Scan results including the file name!
Code:
Datei  File name:
<the file name goes here>
Submission date:
2010-10-22 03:34:01 (UTC)
Current status:
queued queued analysing finished
Result:
.....%
    
VT Community

goodware/badware
 Safety score: 100.0% 
Compact
Print results
Antivirus     Version     Last Update     Result
AhnLab-V3    2010.10.22.00    2010.10.21    -
AntiVir    7.10.13.15    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.22    -
Authentium    5.2.0.5    2010.10.22    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
etc........

...checked by more than 40 online virus scanners... so be patient!!
         
If the analysis shows that the files are malicious, do not delete them yet, because that can under certain circumstances cause the system to stop running properly

2.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

14.11.2012, 16:53   #13
jrcpower

I did not find the file! The file only exists without the letter z at the end: i.e. eappprxy.dll

Code:
SHA256:	b2accabdd5d8b23e502fe691c1dee4a2c0ea20edcde5b4000557579d56d411ec
SHA1:	38db296bac848eae3b23b6cd9af7980b0ef3bde2
MD5:	666e57b6b51824d1d235f80a3dd70a13
File size:	55.0 KB ( 56320 bytes )
File name:	eappprxy.dll
File type:	Win32 DLL
Detection ratio:	0 / 43
Analysis date:	 2012-11-14 15:38:22 UTC ( 0 Minuten ago ) 
00
Less details
Analysis
Comments
Votes
Additional information
Antivirus	Result	Update
Agnitum	-	20121114
AhnLab-V3	-	20121114
AntiVir	-	20121114
Antiy-AVL	-	20121113
Avast	-	20121114
AVG	-	20121114
BitDefender	-	20121114
ByteHero	-	20121110
CAT-QuickHeal	-	20121114
ClamAV	-	20121114
Commtouch	-	20121114
Comodo	-	20121114
DrWeb	-	20121114
Emsisoft	-	20121114
eSafe	-	20121112
ESET-NOD32	-	20121114
F-Prot	-	20121114
F-Secure	-	20121114
Fortinet	-	20121114
GData	-	20121114
Ikarus	-	20121114
Jiangmin	-	20121114
K7AntiVirus	-	20121114
Kaspersky	-	20121114
Kingsoft	-	20121112
McAfee	-	20121114
McAfee-GW-Edition	-	20121114
Microsoft	-	20121114
Norman	-	20121112
nProtect	-	20121114
Panda	-	20121114
PCTools	-	20121114
Rising	-	20121114
Sophos	-	20121114
SUPERAntiSpyware	-	20121114
Symantec	-	20121114
TheHacker	-	20121113
TotalDefense	-	20121113
TrendMicro	-	20121114
TrendMicro-HouseCall	-	20121114
VBA32	-	20121114
VIPRE	-	20121114
ViRobot	-	20121114
         
Here are the OTL logs
otl.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.11.2012 16:42:32 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 67,89% Memory free
12,50 Gb Paging File | 11,08 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,58 Gb Free Space | 14,67% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 327,24 Gb Free Space | 70,28% Space Free | Partition Type: FAT32
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.13 16:50:18 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.11.13 16:50:15 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
PRC - [2012.10.19 02:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.06 03:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012.08.17 23:28:54 | 012,236,824 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012.08.17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012.08.17 23:27:36 | 000,526,872 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll
MOD - [2012.08.17 23:27:35 | 000,104,984 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll
MOD - [2012.08.17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012.08.17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012.08.17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- D:\Programme\winrar\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.13 16:50:18 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.11.04 19:52:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.01 14:04:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Programme\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jrcpower\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.01)
DRV - [2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.04.06 02:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.03.05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.08.04 10:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 11:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2005.08.16 14:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1211U.sys -- (ZD1211U(ZyXEL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 3F 8F F3 A8 B9 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{AA4B9C3F-7F66-4975-AB57-17B0B384B733}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.10.100015
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_ptnrs=^AGY&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC&apn_dtid=^YYYYYY^YY^NL&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M]
 
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.13 16:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash
[2012.11.03 13:40:02 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com
[2012.08.06 16:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2012.11.14 13:13:09 | 000,002,413 | ---- | M] () -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\searchplugins\askcom.xml
[2012.11.03 10:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Avira Toolbar = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.29869_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.11.12 15:17:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.14 16:14:45 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.11.14 13:50:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.14 13:50:55 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012.11.14 13:50:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012.11.14 13:50:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.14 13:50:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012.11.14 13:50:54 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.11.14 13:50:54 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012.11.14 13:50:54 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012.11.14 13:50:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012.11.14 13:50:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012.11.14 13:50:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012.11.14 13:50:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012.11.14 13:50:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012.11.14 13:50:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012.11.14 13:50:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012.11.14 13:46:27 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.14 13:46:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.14 13:46:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.14 13:46:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.14 13:46:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.14 13:45:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.14 13:45:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.14 13:45:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.14 13:45:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.14 13:45:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.14 13:45:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.14 13:45:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.14 13:45:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.14 13:45:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.11.14 13:09:25 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.14 13:09:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.14 13:09:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.14 13:09:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.14 13:09:20 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.14 13:09:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.14 13:09:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\temp
[2012.11.12 15:12:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.12 15:12:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.12 15:12:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.12 15:05:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.12 15:05:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.12 13:58:08 | 005,000,730 | R--- | C] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe
[2012.11.06 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Macromedia
[2012.11.04 19:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\OnlineFotoservice
[2012.11.04 19:29:14 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.03 14:31:00 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Diagnostics
[2012.11.03 13:41:36 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Avira
[2012.11.03 13:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.03 13:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.11.03 13:39:11 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\APN
[2012.11.03 13:38:59 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.03 13:38:59 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.03 13:38:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.03 13:38:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.11.03 13:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.11.03 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2012.11.03 10:31:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.01 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\MigWiz
[2012.11.01 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.29 17:56:42 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations
[2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes
[2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics
[2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 16:14:43 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 16:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 16:13:38 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.11.14 13:58:40 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 13:58:40 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 13:53:29 | 000,413,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.14 13:52:49 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 13:49:50 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.14 13:49:50 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.14 13:49:50 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.14 13:49:50 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.13 11:47:53 | 000,005,306 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg
[2012.11.12 15:17:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.12 13:58:17 | 005,000,730 | R--- | M] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe
[2012.11.07 20:06:24 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.11.07 17:25:00 | 000,302,592 | ---- | M] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe
[2012.11.04 19:52:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.04 19:52:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.03 13:39:30 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.03 13:10:50 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.11.03 10:42:09 | 000,001,240 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg
[2012.11.02 09:42:15 | 000,003,676 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg
[2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll
[2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files Created - No Company Name ==========
 
[2012.11.14 13:46:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 13:46:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 11:47:46 | 000,005,306 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg
[2012.11.12 15:12:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.12 15:12:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.12 15:12:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.12 15:12:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.12 15:12:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.07 20:07:47 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.11.07 17:24:59 | 000,302,592 | ---- | C] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe
[2012.11.04 19:29:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 13:39:30 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.03 11:20:46 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.11.03 10:42:05 | 000,001,240 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg
[2012.11.02 09:42:13 | 000,003,676 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg
[2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe
[2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll
[2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited
[2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox
[2012.11.13 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft
[2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson
[2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire
[2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo
[2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org
[2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC
[2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird
[2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


otl.extras
OTL Logfile:
Code:
OTL Extras logfile created on: 14.11.2012 16:42:32 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 67,89% Memory free
12,50 Gb Paging File | 11,08 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,58 Gb Free Space | 14,67% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 327,24 Gb Free Space | 70,28% Space Free | Partition Type: FAT32
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6B7CCA9D-931F-4735-A51D-035D58926208}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system | 
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3AA1C41-E6CC-4C75-994B-EFD261F18F53}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.11.2012 17:52:25 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9001
 
Error - 12.11.2012 17:52:25 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9001
 
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
 
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
 
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10998
 
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10998
 
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11997
 
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11997
 
[ System Events ]
Error - 13.11.2012 12:03:21 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 14.11.2012 08:01:28 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 14.11.2012 08:01:43 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 14.11.2012 08:01:46 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 14.11.2012 08:01:46 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 14.11.2012 08:53:30 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 14.11.2012 08:53:43 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 14.11.2012 08:53:45 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 14.11.2012 08:53:45 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 14.11.2012 11:13:37 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
 
< End of report >
         
--- --- ---

Alt 14.11.2012, 16:54   #14
jrcpower
 

I did not find the file! The file exists only without the letter z at the end, i.e. eappprxy.dll

Code:
ATTFilter
SHA256:	b2accabdd5d8b23e502fe691c1dee4a2c0ea20edcde5b4000557579d56d411ec
SHA1:	38db296bac848eae3b23b6cd9af7980b0ef3bde2
MD5:	666e57b6b51824d1d235f80a3dd70a13
File size:	55.0 KB ( 56320 bytes )
File name:	eappprxy.dll
File type:	Win32 DLL
Detection ratio:	0 / 43
Analysis date:	 2012-11-14 15:38:22 UTC ( 0 Minuten ago ) 
Antivirus	Result	Update
Agnitum	-	20121114
AhnLab-V3	-	20121114
AntiVir	-	20121114
Antiy-AVL	-	20121113
Avast	-	20121114
AVG	-	20121114
BitDefender	-	20121114
ByteHero	-	20121110
CAT-QuickHeal	-	20121114
ClamAV	-	20121114
Commtouch	-	20121114
Comodo	-	20121114
DrWeb	-	20121114
Emsisoft	-	20121114
eSafe	-	20121112
ESET-NOD32	-	20121114
F-Prot	-	20121114
F-Secure	-	20121114
Fortinet	-	20121114
GData	-	20121114
Ikarus	-	20121114
Jiangmin	-	20121114
K7AntiVirus	-	20121114
Kaspersky	-	20121114
Kingsoft	-	20121112
McAfee	-	20121114
McAfee-GW-Edition	-	20121114
Microsoft	-	20121114
Norman	-	20121112
nProtect	-	20121114
Panda	-	20121114
PCTools	-	20121114
Rising	-	20121114
Sophos	-	20121114
SUPERAntiSpyware	-	20121114
Symantec	-	20121114
TheHacker	-	20121113
TotalDefense	-	20121113
TrendMicro	-	20121114
TrendMicro-HouseCall	-	20121114
VBA32	-	20121114
VIPRE	-	20121114
ViRobot	-	20121114
         
Here are the OTL logs:
otl.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.11.2012 16:42:32 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 67,89% Memory free
12,50 Gb Paging File | 11,08 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,58 Gb Free Space | 14,67% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 327,24 Gb Free Space | 70,28% Space Free | Partition Type: FAT32
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.13 16:50:18 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.11.13 16:50:15 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
PRC - [2012.10.19 02:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.06 03:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012.08.17 23:28:54 | 012,236,824 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012.08.17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012.08.17 23:27:36 | 000,526,872 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll
MOD - [2012.08.17 23:27:35 | 000,104,984 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll
MOD - [2012.08.17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012.08.17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012.08.17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- D:\Programme\winrar\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.13 16:50:18 | 000,561,952 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.11.04 19:52:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.01 14:04:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.06 11:23:08 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- D:\Programme\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.06 03:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Programme\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jrcpower\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.01)
DRV - [2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.04.06 06:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.04.06 02:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.03.05 15:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- D:\Programme\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.08.04 10:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 11:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2005.08.16 14:50:50 | 000,278,016 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1211U.sys -- (ZD1211U(ZyXEL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 3F 8F F3 A8 B9 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{AA4B9C3F-7F66-4975-AB57-17B0B384B733}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.11
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.10.100015
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=9f06e7f1-e662-426c-864c-ee449f8ce90f&apn_ptnrs=^AGY&apn_sauid=48D3BA67-EFE0-46E4-975B-EE8B93AB6BFC&apn_dtid=^YYYYYY^YY^NL&&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.04 10:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.04 10:37:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 09:54:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.01 14:04:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.01 14:04:01 | 000,000,000 | ---D | M]
 
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.13 16:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.01.12 09:31:27 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com
[2011.04.18 13:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\piclens@cooliris.com-trash
[2012.11.03 13:40:02 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com
[2012.08.06 16:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2012.11.14 13:13:09 | 000,002,413 | ---- | M] () -- C:\Users\jrcpower\AppData\Roaming\Mozilla\Firefox\Profiles\q1mceeeq.default\searchplugins\askcom.xml
[2012.11.03 10:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.04 10:36:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.04 10:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.09.04 10:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.09.09 09:54:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011.10.18 20:03:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.18 20:03:30 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.18 20:03:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 20:03:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.18 20:03:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8ED79CB93711742258EEFB508EB1445D
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\jrcpower\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\Itunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Avira Toolbar = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.10.29869_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\jrcpower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.11.12 15:17:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503B3F7C-5DDB-480B-A91E-701861BD2437}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0C55F52-4B89-4B02-B6C4-356AC4DEE8DD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.14 16:14:45 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.11.14 13:50:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012.11.14 13:50:55 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012.11.14 13:50:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012.11.14 13:50:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.14 13:50:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012.11.14 13:50:54 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.11.14 13:50:54 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012.11.14 13:50:54 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012.11.14 13:50:54 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012.11.14 13:50:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012.11.14 13:50:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012.11.14 13:50:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012.11.14 13:50:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012.11.14 13:50:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012.11.14 13:50:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012.11.14 13:46:27 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.14 13:46:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.14 13:46:03 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.14 13:46:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.14 13:46:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.14 13:45:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.14 13:45:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.14 13:45:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.14 13:45:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.14 13:45:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.14 13:45:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.14 13:45:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.14 13:45:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.14 13:45:13 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.11.14 13:09:25 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.14 13:09:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.14 13:09:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.14 13:09:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.14 13:09:20 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.14 13:09:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.14 13:09:18 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.12 15:19:13 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\temp
[2012.11.12 15:12:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.12 15:12:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.12 15:12:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.12 15:05:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.12 15:05:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.12 13:58:08 | 005,000,730 | R--- | C] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe
[2012.11.06 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Macromedia
[2012.11.04 19:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\OnlineFotoservice
[2012.11.04 19:29:14 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.03 14:31:00 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Diagnostics
[2012.11.03 13:41:36 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Avira
[2012.11.03 13:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.03 13:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.11.03 13:39:11 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\APN
[2012.11.03 13:38:59 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.03 13:38:59 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.03 13:38:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.03 13:38:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.11.03 13:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.11.03 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2012.11.03 10:31:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.01 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\MigWiz
[2012.11.01 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.11.01 13:25:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.10.31 23:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.31 23:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.31 22:42:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.29 17:56:42 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.29 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\Downloaded Installations
[2012.10.29 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\Malwarebytes
[2012.10.29 17:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.29 17:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.29 17:19:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.24 23:36:18 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Local\ElevatedDiagnostics
[2012.10.24 12:34:51 | 000,000,000 | ---D | C] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.09.12 14:46:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 16:14:43 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 16:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 16:13:38 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.11.14 13:58:40 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 13:58:40 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 13:53:29 | 000,413,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.14 13:52:49 | 2616,692,736 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 13:49:50 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.14 13:49:50 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.14 13:49:50 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.14 13:49:50 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.13 16:50:35 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.13 16:50:35 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.13 16:50:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.13 11:47:53 | 000,005,306 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg
[2012.11.12 15:17:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.12 13:58:17 | 005,000,730 | R--- | M] (Swearware) -- C:\Users\jrcpower\Desktop\ComboFix.exe
[2012.11.07 20:06:24 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.11.07 17:25:00 | 000,302,592 | ---- | M] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe
[2012.11.04 19:52:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.04 19:52:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.03 13:39:30 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.03 13:10:50 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.11.03 10:42:09 | 000,001,240 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg
[2012.11.02 09:42:15 | 000,003,676 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg
[2012.11.01 13:25:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jrcpower\Desktop\OTL.exe
[2012.10.31 23:26:26 | 000,211,210 | ---- | M] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | M] () -- C:\Windows\System32\eappprxyz.dll
[2012.10.18 18:59:05 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files Created - No Company Name ==========
 
[2012.11.14 13:46:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 13:46:02 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 11:47:46 | 000,005,306 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121113_114711.reg
[2012.11.12 15:12:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.12 15:12:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.12 15:12:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.12 15:12:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.12 15:12:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.07 20:07:47 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.11.07 17:24:59 | 000,302,592 | ---- | C] () -- C:\Users\jrcpower\Desktop\2j5q1n4t.exe
[2012.11.04 19:29:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 13:39:30 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.03 11:20:46 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.11.03 10:42:05 | 000,001,240 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121103_104204.reg
[2012.11.02 09:42:13 | 000,003,676 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121102_094210.reg
[2012.10.31 23:25:09 | 000,211,210 | ---- | C] () -- C:\Users\jrcpower\Documents\cc_20121031_232505.reg
[2012.10.31 23:20:38 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.24 13:34:12 | 000,086,016 | RHS- | C] () -- C:\Windows\System32\eappprxyz.dll
[2012.07.27 21:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.01.10 22:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.11 17:50:03 | 000,036,352 | ---- | C] () -- C:\Windows\System32\uninst_Zyxel.exe
[2011.11.11 17:50:03 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2011.11.11 17:50:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2011.11.11 17:50:03 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.dll
[2011.11.04 10:43:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.11.04 10:43:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.11.04 10:43:00 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.11.04 10:42:41 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.29 13:36:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.29 13:35:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.10.29 10:55:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.06.16 10:34:38 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Canneverbe Limited
[2012.10.31 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Dropbox
[2012.11.13 11:50:12 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\DVDVideoSoft
[2012.02.16 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Epson
[2010.11.12 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\FrostWire
[2010.09.27 09:26:09 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\GetRightToGo
[2012.10.24 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\K-Pacs-Lite
[2012.09.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\OpenOffice.org
[2012.08.29 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\ProtectDISC
[2011.10.18 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\PunkBuster
[2010.09.21 10:13:51 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Thunderbird
[2010.09.23 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\jrcpower\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


otl.extras
OTL Logfile:
Code:
OTL Extras logfile created on: 14.11.2012 16:42:32 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jrcpower\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 67,89% Memory free
12,50 Gb Paging File | 11,08 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31,25 Gb Total Space | 4,58 Gb Free Space | 14,67% Space Free | Partition Type: NTFS
Drive D: | 201,64 Gb Total Space | 92,43 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
Drive H: | 465,64 Gb Total Space | 327,24 Gb Free Space | 70,28% Space Free | Partition Type: FAT32
 
Computer Name: JRCPOWER-PC | User Name: jrcpower | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAD733-6BBC-4086-B790-C1C767E2B107}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0801CF89-F964-424F-9629-B2709504A824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CCE81DA-FD75-45F0-AA83-10DB325ED270}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{121ED337-38B8-4DA4-A34F-9071C74B1982}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{1577C8F1-37C3-49AB-88FC-C596AA836FA6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{22255C3A-4543-461A-A605-344C0C425097}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2D6C0C1E-E7FC-42D6-A957-9384C8401D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{348476BE-44E2-4242-9DD8-90391F630AA9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3ADD6153-6DF2-411B-910C-494FA592A391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E1C49A3-7233-4FBA-B25F-0E3DEDF6C04A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4403E5C8-0E98-4FDE-AAA0-2A2DABD3A43A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47896D60-87A2-47D3-9A4A-D2B9D23C716D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{49C0AB16-73E2-46D1-BCD5-15A5B8074FC9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C7C21B9-B15F-4E35-81BC-D761CBE04329}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{532684C4-A8C5-4B5F-BAC6-AD2B38FA3C6A}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5A8D4C9E-8EAD-4A2E-B53B-7960FE1D1A11}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5CBA1931-0687-4445-AEF5-78C5CEFA4B98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{60A569F6-8102-40DA-9719-EDE5E2F71D83}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6B41757F-9869-4B74-BBA2-1CE8961F9CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6E8FA48F-5769-4A8B-BEE9-10AC081EBBA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7D92A9D8-3BBA-4935-8204-3A8A12F0A8D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{877D7B32-DCC6-45F3-A840-63F190548D9D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{892A32A7-6BA3-48F0-8569-A12D6C02BF7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A4596DB-6943-4915-B008-205505144454}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CE9092E-AE23-4F1E-812F-F53D76D93406}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9E1FAF71-3FC0-45EF-B7C1-5F481885F01F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F01526C-EE06-464C-95F6-0E8D5CFBBA60}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1EE8C98-E053-4957-9F19-A2C5C6F1E74B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4BEAD71-68FD-41A3-9A5E-4E7654E8C8AA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B5B618AA-9DA3-448B-B3BF-D78ABBE2AA16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B65DEEBA-828B-4980-8171-353C94C2C9BB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B6A0BE88-18CC-4AAC-B85A-0A4A774D5C29}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BAE1CAF4-9B2E-490E-A6F9-4DC5936BD394}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C7C9F71F-3AFF-4556-A108-532FA685E2B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CB8024CE-99CA-47B3-9960-5549CBE1F00E}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{D139BF72-BED9-47A3-82ED-1CEC7C585EBB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF9F644C-AEB9-46F8-916E-FE94EA52FDED}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{EF2E01ED-4FBE-4B9A-B248-892A89561A99}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F1B4C304-B6CC-4C0A-82E9-AE75106C8B33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4507949-3184-4CB7-B1D4-AC128F8638F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A39F57-8706-49BC-AE25-B47D8859876A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0527F5B5-CB80-4C17-92C0-297F7BD3C5F7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{165040B3-D793-42E6-BF95-015C3183AC7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1ADD5FA2-4A04-44FF-AE4F-3276CB718F37}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{1B891D0D-3877-436F-883E-ED85F6F4A533}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{201D075B-9967-422F-9C5B-8B9DEB1076C0}" = protocol=17 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{2F634716-0BCC-41F4-96B6-A6257B2369C7}" = protocol=17 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{305EBC9D-0414-412A-8740-CE569937F267}" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{396CB981-09C4-4751-9E85-47694D31C877}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{43F9F702-3C64-4FC2-BCE0-BD87102FA6C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49705BF8-30E8-45F2-82BB-2D5FAC4FA97A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4A3D9791-4A55-46EE-9FC9-CFE4E3076DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5426D7CE-2337-42D8-94E7-B690F45EB176}" = protocol=6 | dir=in | app=d:\spiele\ph\rockstar games social club\rgsclauncher.exe | 
"{550D288C-ECAA-4A87-A3D1-BF04E69C2303}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{570FE4B9-E6C4-4C25-BF38-61B24C5897A1}" = protocol=17 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{5E968C66-DDE5-4E6A-9AA6-7F7150CA8920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5F66AF29-A6B2-498B-9286-D446FA5866DB}" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"{63C5F4F3-FD79-45C2-8A3C-B07654A9125B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{696229D4-B28C-4982-A7BA-7768FC623CF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6B7CCA9D-931F-4735-A51D-035D58926208}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{7A7118CC-2367-4A6B-AF95-8C9E66DA72BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{807F3CEF-DC32-4F26-9BCC-F0AA55123E24}" = protocol=6 | dir=in | app=d:\spiele\ar\assassinscreedrevelations.exe | 
"{811EB95F-1E4C-4D0F-96F3-211789F457FB}" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"{88071B90-86FC-4A89-B8CF-4DD2B1E65A20}" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{892412F1-9336-4CE2-BB9C-E81B38A15029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{89C951F3-269E-40B2-947F-0EED701FED77}" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"{9367FD16-5782-4BBF-810A-DFA8F3A929B5}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{93C53593-5A3D-444A-841A-8F67F5226D30}" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{949C6887-E091-4E9D-9143-A83A46D75261}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\launchgtaiv.exe | 
"{951F78A4-C28E-4496-AC85-1BB25B2D9694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9F88BE81-B615-4725-A550-989D10F279D5}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{A468E70B-F0CE-4149-81F3-70513EBE79D4}" = protocol=6 | dir=out | app=system | 
"{A70F4D59-8FCB-4C4C-B747-B3DA902CB454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B41115EB-E2B9-4572-9D7B-1B7E6D0EDDB0}" = protocol=6 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{BB98245E-92BA-464A-944D-FADD96EF2613}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C0072E90-AD95-41B7-8A72-67EA83FF45C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3AA1C41-E6CC-4C75-994B-EFD261F18F53}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe | 
"{C7E3CE35-57AF-4EBA-B85B-374853EF4BED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA8070DE-47EA-4F25-AF43-501ABF4F36CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEC70105-AE4D-4AC7-A2ED-0AB13D2121A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E23C662F-1D88-41C0-B4F3-1A9168BE2C1B}" = protocol=6 | dir=in | app=d:\spiele\ar\acrmp.exe | 
"{E45F4938-2EBD-44C6-855D-BA17AD8A2221}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E512A5E8-88F1-4093-A8E9-1474A66D2091}" = protocol=17 | dir=in | app=d:\spiele\ba\binaries\shippingpc-bmgame.exe | 
"{EEC9C7A6-98DF-48AE-ADFA-563FD903D734}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F14CD823-0F22-40C4-819B-279BA03EFF72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F42D75CA-1258-4B78-BE56-D0D50AD292A6}" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"{F5AAEC62-970B-4E18-BB11-674756AD07B3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{FC5FC8F4-E523-4377-9C8B-EACEAF1A332E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FFCF59FD-4CFC-47B8-AA99-1571599A5ED6}" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{14A329F8-D93B-4327-9C7A-C34F8EEF2D18}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{3100C982-3B2C-4925-8DC4-B9037908B753}D:\spiele\ar\acrsp.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"TCP Query User{8BFD81E3-D4D3-4D42-A539-051ED5B473C4}D:\spiele\ar\acrpr.exe" = protocol=6 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"TCP Query User{9B13FE7E-FB60-4B5B-823E-98507F919B65}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"TCP Query User{DC44205E-9FC5-48A1-9E65-BA828CF07980}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{DE5BF792-0880-4540-A997-BFB5130FAD17}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"TCP Query User{F5D68DFE-6CF9-459C-9A42-C19C4F8E8B4A}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{00EB192D-2D9A-4808-9AA4-13C67C38DF46}D:\spiele\arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=d:\spiele\arkham city\binaries\win32\batmanac.exe | 
"UDP Query User{13C20B0A-D696-45BB-B8BC-B1DD26A0035F}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{2BE1E0AD-3041-43CF-98AC-4C5AD4731375}D:\spiele\ar\acrsp.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrsp.exe | 
"UDP Query User{3D862BFE-5B6E-4BDD-8E9F-706272CB9CB1}D:\spiele\ph\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\ph\grand theft auto iv\gtaiv.exe | 
"UDP Query User{85BB992B-F906-4FDE-BBD8-029F01B0E1C5}D:\programme\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=d:\programme\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{8B5CC288-FAB7-45CF-817F-027D03985C82}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
"UDP Query User{E85E56C1-8707-4959-BD18-AE9337539809}D:\spiele\ar\acrpr.exe" = protocol=17 | dir=in | app=d:\spiele\ar\acrpr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2B48B3C5-B596-4822-A148-837B11885CB5}" = Lost Horizon
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{57520FA0-A73E-4165-BCA2-D71000018301}" = Batman: Arkham City™
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
"{95DC4B07-1FA6-36FF-5D57-D73CF3E9B504}" = AMD Fuel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C91E0E26-FAA3-45A0-B656-02324566F960}" = Zarb in OpenOffice 4.1
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3175897-A6B7-B940-F0D7-877281892786}" = ccc-utility
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Setup" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"hotpot_is1" = HotPotatoes v 6.3.0.4
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SopCast" = SopCast 3.5.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.11.2012 17:52:25 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9001
 
Error - 12.11.2012 17:52:25 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9001
 
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10000
 
Error - 12.11.2012 17:52:26 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10000
 
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10998
 
Error - 12.11.2012 17:52:27 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10998
 
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11997
 
Error - 12.11.2012 17:52:28 | Computer Name = JRCPOWER-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11997
 
[ System Events ]
Error - 13.11.2012 12:03:21 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 14.11.2012 08:01:28 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 14.11.2012 08:01:43 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 14.11.2012 08:01:46 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 14.11.2012 08:01:46 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 14.11.2012 08:53:30 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 14.11.2012 08:53:43 | Computer Name = jrcpower-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 14.11.2012 08:53:45 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 34001
Description = 
 
Error - 14.11.2012 08:53:45 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
Error - 14.11.2012 11:13:37 | Computer Name = jrcpower-PC | Source = ipnathlp | ID = 30013
Description = 
 
 
< End of report >
         
--- --- ---

16.11.2012, 07:02   #15
kira
/// Helper Team
 

Please try renaming the file
Quote:
C:\Windows\System32\eappprxyz.dll
If that does not work in normal mode, then do it in safe mode:
Go into Windows safe mode [F8] (please be sure to click the link and read it!)
Find the file and rename it with a .BAD extension (example: eappprxyz.dll.BAD)
Restart your system
Tell me what happens?!
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
