| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google Redirect VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.12.2012, 22:03
| #1 |
| |  Google Redirect Virus Hallo! Ich habe seit Wochen oder Monaten diesen Google Redirect Virus. Ich habe Firefox neu installiert, TDSSKiller ausprobiert, Malwarebytes laufen lassen, unbekannte Software deinstalliert, die Registry mit CCCleaner gereinigt etc. Nichts hat etwas geändert. Das Board hier scheint mir die einzige Möglichkeit... Kann mir hier bitte jemand helfen?!  Dirk OTL Logfile OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.12.2012 21:43:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frida\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,32% Memory free 8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 79,98 Gb Total Space | 24,26 Gb Free Space | 30,33% Space Free | Partition Type: NTFS Drive D: | 170,90 Gb Total Space | 146,98 Gb Free Space | 86,00% Space Free | Partition Type: NTFS Drive E: | 345,19 Gb Total Space | 189,99 Gb Free Space | 55,04% Space Free | Partition Type: NTFS Drive G: | 237,54 Gb Total Space | 79,75 Gb Free Space | 33,57% Space Free | Partition Type: NTFS Drive H: | 60,55 Gb Total Space | 42,99 Gb Free Space | 71,00% Space Free | Partition Type: NTFS Computer Name: FRIDA-PC | User Name: Frida | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.30 21:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frida\Desktop\OTL.exe PRC - [2012.12.11 20:39:52 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 20:39:44 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.11 20:39:44 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.10 20:11:50 | 007,416,320 | ---- | M] (Google Inc.) -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\MusicManager.exe PRC - [2012.12.09 23:50:43 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.04.13 09:48:35 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.11.30 16:42:30 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Frida\AppData\Local\Apps\2.0\8BAZYAXY.59Y\61W89LOC.QZG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.02.13 11:17:57 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ========== Modules (No Company Name) ========== MOD - [2012.12.10 20:00:40 | 000,344,064 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll MOD - [2012.12.10 20:00:28 | 000,231,936 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll MOD - [2012.12.10 19:59:52 | 000,117,248 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\libaacdec.dll MOD - [2012.12.10 19:59:50 | 000,253,440 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\libid3tag.dll MOD - [2012.12.09 23:50:43 | 002,240,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012.12.09 23:50:43 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2012.12.09 23:50:43 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.16 07:28:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll MOD - [2012.11.16 07:27:50 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll MOD - [2012.11.16 07:27:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.16 07:27:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.16 07:27:35 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f2fb3f4856c403795db6db3f354f1f0b\System.Deployment.ni.dll MOD - [2012.11.16 07:27:34 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll MOD - [2012.11.16 07:27:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012.11.16 07:27:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.16 07:27:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.16 07:27:21 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.16 07:27:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.09.25 16:53:12 | 000,026,624 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll MOD - [2012.09.25 16:53:02 | 010,683,392 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll MOD - [2012.09.25 16:53:02 | 001,681,408 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll MOD - [2012.09.25 16:53:00 | 007,741,952 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\QtGui4.dll MOD - [2012.09.25 16:52:58 | 002,248,192 | ---- | M] () -- C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\QtCore4.dll MOD - [2010.11.30 16:42:26 | 000,368,640 | ---- | M] () -- C:\Users\Frida\AppData\Local\Apps\2.0\8BAZYAXY.59Y\61W89LOC.QZG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 18:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.10.26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.24 21:29:05 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.12 00:25:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.11 20:39:52 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 20:39:44 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.10 00:19:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.04.13 09:48:35 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.13 11:17:57 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 20:39:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 20:39:55 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.09.02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.03.30 19:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 06:40:06 | 000,019,520 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudnflt.sys -- (ssudnflt) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.14 17:52:12 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio) DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.10.22 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.04.27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid) DRV:64bit: - [2010.04.27 15:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo) DRV:64bit: - [2010.04.27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum) DRV:64bit: - [2010.04.27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore) DRV:64bit: - [2010.04.27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter) DRV:64bit: - [2010.03.29 21:03:04 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaura.sys -- (avmaura) DRV:64bit: - [2010.03.09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.02 20:06:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.03.02 20:06:45 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.02.13 13:01:57 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2010.02.13 11:17:57 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- E:\Progz\Unlocker Deleter\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 E0 B0 34 A8 B7 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Progz\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Frida\Program Files (x86)\DNA\plugins\npbtdna.dll File not found FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Frida\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Frida\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.30 20:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.31 21:49:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.10.31 22:31:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Frida\Program Files (x86)\DNA [2012.12.30 20:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frida\AppData\Roaming\mozilla\Extensions [2012.12.30 20:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.15 16:32:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Frida\AppData\Local\Apps\2.0\8BAZYAXY.59Y\61W89LOC.QZG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [MusicManager] C:\Users\Frida\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) O4 - Startup: C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Verknüpfung.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com)) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E003BEC7-AB34-448B-9E19-315998E3BD06}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f3e0efe6-e21e-11e0-90fd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f3e0efe6-e21e-11e0-90fd-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.30 21:43:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frida\Desktop\OTL.exe [2012.12.30 20:59:31 | 000,000,000 | ---D | C] -- C:\Users\Frida\Desktop\CCBackup [2012.12.30 20:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.30 20:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.30 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Roaming\Mozilla [2012.12.30 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Local\Mozilla [2012.12.30 20:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.30 13:15:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.12.30 13:13:06 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager [2012.12.30 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Local\Programs [2012.12.20 23:35:34 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2012.12.20 23:35:34 | 000,102,368 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2012.12.18 23:09:53 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Local\My Games [2012.12.18 23:02:07 | 000,000,000 | ---D | C] -- C:\Users\Frida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012.12.18 20:46:48 | 000,000,000 | ---D | C] -- C:\Users\Frida\Documents\Amazon Downloader Logs [2012.12.17 23:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.30 21:43:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frida\Desktop\OTL.exe [2012.12.30 21:42:50 | 000,000,000 | ---- | M] () -- C:\Users\Frida\defogger_reenable [2012.12.30 21:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.30 21:17:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000UA.job [2012.12.30 21:01:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.30 20:58:17 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.30 20:50:27 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.30 20:32:40 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 20:32:40 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 20:32:17 | 003,841,030 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.30 20:32:17 | 001,605,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.30 20:32:17 | 001,131,714 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.30 20:32:17 | 001,002,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.30 20:32:17 | 000,006,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.30 20:25:18 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.30 20:25:16 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\qazxst.job [2012.12.30 20:25:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.30 20:25:06 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys [2012.12.30 18:07:17 | 000,000,221 | ---- | M] () -- C:\Users\Frida\Desktop\GRID.url [2012.12.30 13:17:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000Core.job [2012.12.25 22:20:01 | 000,000,747 | ---- | M] () -- C:\Users\Frida\Desktop\Samsung Kies (Lite).lnk [2012.12.24 23:59:34 | 001,951,030 | ---- | M] () -- C:\Users\Frida\Desktop\EMS_Time_Attack_Champion-_winner_list.pdf [2012.12.24 21:31:38 | 000,000,222 | ---- | M] () -- C:\Users\Frida\Desktop\RaceRoom Racing Experience.url [2012.12.21 20:59:44 | 000,412,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.18 23:02:07 | 000,000,220 | ---- | M] () -- C:\Users\Frida\Desktop\Sid Meier's Civilization V.url [2012.12.11 20:39:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.11 20:39:55 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.04 12:54:39 | 000,914,509 | ---- | M] () -- C:\Users\Frida\Desktop\Lohnzettel.pdf [2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.30 21:42:50 | 000,000,000 | ---- | C] () -- C:\Users\Frida\defogger_reenable [2012.12.30 20:58:16 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.30 20:50:27 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.12.30 20:50:27 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.12.30 18:07:17 | 000,000,221 | ---- | C] () -- C:\Users\Frida\Desktop\GRID.url [2012.12.30 13:12:48 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000UA.job [2012.12.30 13:12:47 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-352812124-1343125394-2634519851-1000Core.job [2012.12.25 22:20:01 | 000,000,747 | ---- | C] () -- C:\Users\Frida\Desktop\Samsung Kies (Lite).lnk [2012.12.24 23:59:34 | 001,951,030 | ---- | C] () -- C:\Users\Frida\Desktop\EMS_Time_Attack_Champion-_winner_list.pdf [2012.12.24 21:31:38 | 000,000,222 | ---- | C] () -- C:\Users\Frida\Desktop\RaceRoom Racing Experience.url [2012.12.18 23:02:07 | 000,000,220 | ---- | C] () -- C:\Users\Frida\Desktop\Sid Meier's Civilization V.url [2012.12.04 12:54:39 | 000,914,509 | ---- | C] () -- C:\Users\Frida\Desktop\Lohnzettel.pdf [2012.04.24 13:22:25 | 000,139,264 | RHS- | C] () -- C:\Windows\SysWow64\KBDEST5.dll [2011.10.26 02:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.10.26 02:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.11 10:14:00 | 000,006,238 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.13 09:48:36 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.13 09:48:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.11.14 22:36:08 | 000,003,584 | ---- | C] () -- C:\Users\Frida\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.14 20:49:39 | 000,007,597 | ---- | C] () -- C:\Users\Frida\AppData\Local\resmon.resmoncfg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.18 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Amazon [2012.04.22 22:09:29 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Ashampoo [2010.08.09 14:49:55 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Auslogics [2010.11.18 12:48:56 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\avidemux [2012.12.30 21:09:28 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Azureus [2010.02.15 16:29:51 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Bierbuden Autoupdate [2010.02.16 13:08:32 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Canneverbe Limited [2012.06.12 19:48:53 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Canon [2010.12.23 10:04:51 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\CD-LabelPrint [2012.09.18 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\com.amazon.music.uploader [2012.12.30 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\DAEMON Tools Lite [2010.03.29 21:26:49 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\DNA [2012.12.02 20:21:58 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Dropbox [2012.05.03 15:11:07 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\e-academy Inc [2012.05.02 23:43:55 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\GetRightToGo [2011.03.29 11:37:28 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\IrfanView [2011.04.25 10:20:35 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Jumping Bytes [2010.03.26 12:26:47 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Leadertech [2010.02.15 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Mathsoft [2010.09.20 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Need for Speed World [2010.02.15 18:45:08 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Notepad++ [2012.02.29 18:47:35 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Origin [2010.11.24 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\PTC [2011.04.13 09:48:34 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\PunkBuster [2010.09.20 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Raptr [2012.11.18 22:43:25 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Samsung [2012.05.02 20:32:23 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Temp [2010.02.18 19:06:08 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Thunderbird [2010.11.24 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\Frida\AppData\Roaming\Tracker Software ========== Purity Check ========== < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.12.2012 21:43:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frida\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,32% Memory free
8,00 Gb Paging File | 6,23 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 24,26 Gb Free Space | 30,33% Space Free | Partition Type: NTFS
Drive D: | 170,90 Gb Total Space | 146,98 Gb Free Space | 86,00% Space Free | Partition Type: NTFS
Drive E: | 345,19 Gb Total Space | 189,99 Gb Free Space | 55,04% Space Free | Partition Type: NTFS
Drive G: | 237,54 Gb Total Space | 79,75 Gb Free Space | 33,57% Space Free | Partition Type: NTFS
Drive H: | 60,55 Gb Total Space | 42,99 Gb Free Space | 71,00% Space Free | Partition Type: NTFS
Computer Name: FRIDA-PC | User Name: Frida | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073892D2-D59D-4F4F-AD10-EC2C20BC50B8}" = rport=139 | protocol=6 | dir=out | app=system |
"{088D5B8E-959D-41AE-AA6B-F53D73662BA5}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C1FCF52-0E2B-4307-AE8A-FDE681564F3E}" = lport=138 | protocol=17 | dir=in | app=system |
"{15580500-B183-46F6-9550-4235E65A4C6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{19A2EB5E-A190-40F7-82CC-165935320A12}" = lport=139 | protocol=6 | dir=in | app=system |
"{211473EB-AE7D-468B-853F-39DC3627539F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{330379CE-851C-4C1A-98F0-7DC3E56FF9E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{342CC0DD-D1E0-405A-B3C4-4DB8512176C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38E268DE-0740-4533-8224-CE66BE48A91F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{484CA5AB-DFDB-4572-B03E-D7003B036A9C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{548700A1-FA30-4231-B707-9387B71E071C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{60F67135-BFEB-4C45-9B24-2028370CA9DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{61D96173-5E34-4AE5-9E45-DFF996FF85E5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{652CCB18-55B9-4F29-B806-A0D9FFD548BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7B970C09-5356-4039-A4B4-645429141423}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80F032A6-E50E-4121-B0E9-A52EDE5C03DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8660D2B7-A7D9-4414-91CD-83471C617B75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C50CBA2-74E6-4D12-B43B-4675710F003A}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B0FD673-8751-4A86-875D-BCB0AEEE047C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{AAF48705-B63F-48FB-8049-CB50A82D8047}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{BDCFA1DD-EB99-405B-AC3D-E589F6C8FBF4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEE9F8A5-23C1-4D1D-9513-B5FD4421D724}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{CC100744-6C42-46A7-84C5-62B8B46BAAFE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D05E8EE3-B06D-4E3C-87F1-74BA4AE9826D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1E9EA5A-EFD4-492C-896E-A16EAB328D35}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{D4E3C638-D949-40FB-9F53-F391DBADD235}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0F77418-A973-409B-928D-DA6E467A7F56}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAEFBC6-AC8E-46A1-813C-DBBB0CA778D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{0EE676AC-213C-4E19-BFD5-CA53327DA857}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{168069FC-383A-45DF-9C62-25B082C7B06A}" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{17668C2F-E3F8-4E56-B3F5-044FB4077C63}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{1CA31CEE-263F-4C69-A9D0-00FD3A691D39}" = protocol=17 | dir=in | app=d:\anno 2070\initengine.exe |
"{1DAE3CD0-E1C7-4DB4-8467-032C389427CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{20AE0417-211D-413C-A0C9-DBF510B85D48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BF0C531-B769-49BC-ACEA-4BEBB128EAE3}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{359DCC20-31A0-4C49-92BF-46C6162363CF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{35E9F6CC-51F5-457D-A147-2D7F45E536BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{367BB79E-0A22-4155-A938-EDF5B503EF3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3822D8D3-E3E4-4518-B2DA-7CAC93EDD750}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DFE12B3-D923-467F-BEDE-D1E07A94BE4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3FBF8B76-1EC1-49B1-9A3B-E8B6E1EE5C28}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{43EA8B06-7698-4782-BCB6-A2D1A7A1A56E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C5FD93A-CD70-4409-B008-2BEF52976632}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4EE460BA-F714-415C-8D7D-5E9185DA32A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4EFB75BA-B442-4D64-9EDE-21C067999F87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{52C751F5-7693-4CDC-9669-CC159FCA3FAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54D3C2C0-D6CA-45BF-8D4A-42B043AE7A1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{559A98D7-A1FB-4359-80A3-52A59F6EC73A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F37AD5A-2C9E-4353-93E3-BDD95E3DF8A7}" = protocol=6 | dir=in | app=c:\users\frida\appdata\local\apps\2.0\8bazyaxy.59y\61w89loc.qzg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{5FEC7044-B74D-4B0A-9A5A-5BF037A0B211}" = protocol=17 | dir=in | app=d:\anno 2070\autopatcher.exe |
"{6104D690-1B5B-44BD-AFA0-A380A47A89C2}" = protocol=17 | dir=in | app=d:\anno 2070\anno5.exe |
"{68BA8678-54D7-4D5E-ACFF-D1A9926CBC34}" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{8202C957-1B1D-468D-912B-3CBD50649629}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84249200-2A3A-45BF-BE5F-BE7A0523F60F}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{9092311C-478D-40D6-9C92-2323B8315BFF}" = protocol=6 | dir=in | app=c:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe |
"{9AEA122F-43CC-445B-AF80-8EF2AF8D257A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{9D9E7E72-EAFC-4E2E-9921-21AA05A31296}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9FCF5BAE-ADEC-4497-957B-0FDCB5AE5158}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A07E3269-C467-4DE1-80F5-04D78EB3C7A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AD74BE26-D83F-435D-8093-10C44E9A4DAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B0C191D8-667A-4C5E-8516-AA64AE57D3F8}" = protocol=6 | dir=in | app=d:\anno 2070\initengine.exe |
"{B34079A4-0FF1-4ED3-ACEA-58D840B4AD0E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B515BBDC-9849-495A-A1A9-CDA69B8622FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B86E8454-A092-4E82-B17F-3B8BA33E7697}" = protocol=17 | dir=in | app=c:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe |
"{BB331C1C-FFE4-4DD4-B87A-2A54A8431AE7}" = protocol=6 | dir=in | app=d:\anno 2070\anno5.exe |
"{BED3837C-E5ED-476E-A300-B9F66A8066D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3B10466-CA1D-45AE-BF3D-7C59B7825439}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{C8893BA8-81A2-4735-AC9A-18446F9634D6}" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{CB30F45C-EB92-4161-A063-F5B1F48232AF}" = protocol=17 | dir=in | app=c:\users\frida\appdata\local\apps\2.0\8bazyaxy.59y\61w89loc.qzg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{D28A6DFE-2A24-4CE2-9339-FA4A22E720A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D583D493-E56E-418D-9AFC-3A826B65E03B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D5FC50B5-A975-432C-A33F-EA4E4CE31728}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D6BF40D0-1080-4E52-A9FB-01DDAD12FB32}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF27719F-532F-48A4-8864-ED8F089338DC}" = protocol=17 | dir=in | app=c:\users\frida\appdata\local\apps\2.0\8bazyaxy.59y\61w89loc.qzg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{E2FA29AA-F520-40DF-9DD0-BC1D2EF8D3CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E3669024-1D4E-498E-967E-17210F02569D}" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{E5BB26FE-ACD6-462A-BBA8-31E456C95C02}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EFCECE90-6D34-4E9B-A48A-EC0225A212AE}" = protocol=6 | dir=in | app=c:\users\frida\appdata\local\apps\2.0\8bazyaxy.59y\61w89loc.qzg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{F16599A1-103C-4D51-94C9-81180DF5BC63}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F24E4B0D-DA1A-4844-A4B3-A885E20B35B6}" = protocol=6 | dir=in | app=d:\anno 2070\autopatcher.exe |
"{F5B14257-C98B-4FB5-B798-F9BB96BB37BB}" = protocol=6 | dir=out | app=system |
"{FCAF1BEC-9533-4616-834A-374DDA5ECB0A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{632CA7EA-C4D7-4F50-BEE5-E5E4A78BEC88}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{69A907A8-3736-4EF7-9A1B-6F2EA883B1A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{84316E41-DA59-47B9-880F-3EC8B54CAA19}C:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8C2AD395-CD28-428D-B35A-B85538C7731E}D:\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=d:\maniaplanet\maniaplanet.exe |
"TCP Query User{B7F9F03F-3691-4587-832A-A3C1B829CED2}D:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"TCP Query User{BD1E4136-DCF2-45FD-B6F5-DA0B9C86E82F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{CDD09E58-02C6-499E-BBA4-9640037BFAA7}D:\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=d:\maniaplanet\maniaplanet.exe |
"UDP Query User{29AAE19A-6610-4AB4-91BD-6CC084ECF3FA}D:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\tmnationsforever\tmforever.exe |
"UDP Query User{71F811A5-CCCE-4517-A115-E8D603A13459}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{895AF627-2494-4733-BA3C-21D81F1E55A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{ED42E049-EA39-4D62-A436-75B151F01FF0}D:\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=d:\maniaplanet\maniaplanet.exe |
"UDP Query User{EFE56023-93AC-4E9A-BB84-6E57E694C1D0}D:\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=d:\maniaplanet\maniaplanet.exe |
"UDP Query User{F3DE8DB1-5FD8-49A7-B424-F9A772EE4065}C:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\frida\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FC51D89C-AD71-4011-AEBF-681356EEF5B2}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{AC3539BE-6ACD-3078-B521-0AC2884720F3}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Logitech Unifying" = Logitech Unifying-Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SP6" = Logitech SetPoint 6.32
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90985FBE-CACF-4796-8EC8-C6CD2E5BB6A7}" = PureSync
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EEA437C-F436-755C-6B39-1840A33F45CF}" = Catalyst Control Center InstallProxy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D86CEB96-6B1E-4214-ACEA-83EBEFCA1212}_is1" = OGG MP3 Converter v4.1 build 929
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.27091
"ManiaPlanet_is1" = ManiaPlanet
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Notepad++" = Notepad++
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"PC Fresh_is1" = PC Fresh
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"PureSync" = PureSync 3.0.0
"RealPlayer 15.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Steam App 12750" = GRID
"Steam App 211500" = RaceRoom Racing Experience
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"TmNationsForever_is1" = TmNationsForever
"Unlocker" = Unlocker 1.9.0
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"MusicManager" = Music Manager
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.12.2012 16:11:05 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0x01cde6c9c6515cfd
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 0a2a7993-52bd-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:17:55 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0x704 Startzeit der fehlerhaften Anwendung: 0x01cde6cac0508f6f
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: fe945921-52bd-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:17:58 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xa48 Startzeit der fehlerhaften Anwendung: 0x01cde6cac2519f6a
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 00728f39-52be-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:18:01 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xc20 Startzeit der fehlerhaften Anwendung: 0x01cde6cac3d7c298
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 01f26906-52be-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:18:04 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xa5c Startzeit der fehlerhaften Anwendung: 0x01cde6cac578efa9
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 039134b6-52be-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:27:19 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xc84 Startzeit der fehlerhaften Anwendung: 0x01cde6cc102dd977
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 4e66d588-52bf-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:27:21 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xb98 Startzeit der fehlerhaften Anwendung: 0x01cde6cc11550419
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 4f8b9ec9-52bf-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:34:33 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0x81c Startzeit der fehlerhaften Anwendung: 0x01cde6cd1394c88d
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 516fc611-52c0-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:41:44 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0xa54 Startzeit der fehlerhaften Anwendung: 0x01cde6ce13701ad3
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 526c287c-52c1-11e2-98b9-001c4af0f3e2
Error - 30.12.2012 16:43:08 | Computer Name = Frida-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SearchIndexer.exe, Version: 7.0.7601.17610,
Zeitstempel: 0x4dc0d019 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17965,
Zeitstempel: 0x506dcae6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000bccd
ID
des fehlerhaften Prozesses: 0x1338 Startzeit der fehlerhaften Anwendung: 0x01cde6ce465472b6
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\SearchIndexer.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 8443a41e-52c1-11e2-98b9-001c4af0f3e2
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 03.05.2012 16:48:52 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 03.05.2012 16:50:16 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 03.05.2012 16:50:27 | Computer Name = Frida-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 03.05.2012 16:50:30 | Computer Name = Frida-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1084 NULL object. Cannot establish a connection at this time.
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
Eine vorhandene Verbindung wurde vom Remotehost geschlossen.
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
Verbindung wurde vom Remotehost geschlossen.
Error - 03.05.2012 18:56:11 | Computer Name = Frida-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
[ OSession Events ]
Error - 19.12.2010 10:48:08 | Computer Name = Frida-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 339
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.12.2012 16:11:05 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
21 Mal passiert.
Error - 30.12.2012 16:17:55 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
22 Mal passiert.
Error - 30.12.2012 16:17:58 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
23 Mal passiert.
Error - 30.12.2012 16:18:01 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
24 Mal passiert.
Error - 30.12.2012 16:18:04 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
25 Mal passiert.
Error - 30.12.2012 16:27:19 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
26 Mal passiert.
Error - 30.12.2012 16:27:22 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
27 Mal passiert.
Error - 30.12.2012 16:34:33 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
28 Mal passiert.
Error - 30.12.2012 16:41:45 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
29 Mal passiert.
Error - 30.12.2012 16:43:08 | Computer Name = Frida-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
30 Mal passiert.
< End of report >
Achso: mein Sicherheitscenter lässt sich auch nicht mehr aktivieren... |
| Themen zu Google Redirect Virus |
| antivir, application/pdf:, autorun, avira, bho, bonjour, converter, downloader, error, firefox, flash player, gereinigt, google, google redirect virus, helper, install.exe, intranet, mozilla, mp3, nvidia update, object, office 2007, plug-in, realtek, registry, samsung kies, scan, security, senden, software, stick, svchost.exe, tracker, virus, visual studio, windows |
Baum-Darstellung