Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Suchmaschinenumleitung (Google) alle Browser betroffen!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.05.2012, 18:45   #1
Kyoko90
 
Suchmaschinenumleitung (Google) alle Browser betroffen! - Standard

Suchmaschinenumleitung (Google) alle Browser betroffen!



Hallo!
Habe leider seit geraumer Zeit das Problem, dass ich auf andere Seiten umgeleitet werde, wenn ich bei der Google Suche einen Link anklicke.
Die Seiten heißen z.B. rocketnews.com.
Habe mit Malwarebytes einen Scan durchgeführt, allerdings wurde gar nichts gefunden! Ich habe Avira als Virenscanner, dieser findet natürlich auch nichts...
Das Problem beschränkt sich nicht nur auf meinen Standartbrowser Firefox, sondern auch mit Opera oder dem IE hab ich das selbe Problem!

Hier die OTL Logfiles:

Code:
ATTFilter
OTL Extras logfile created on: 16.05.2012 19:34:26 - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\****\Downloads
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,41% Memory free
6,00 Gb Paging File | 4,06 Gb Available in Paging File | 67,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 13,99 Gb Free Space | 17,91% Space Free | Partition Type: NTFS
Drive D: | 387,62 Gb Total Space | 231,34 Gb Free Space | 59,68% Space Free | Partition Type: NTFS
Drive J: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ****-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018E06C7-E696-4AB4-9A6F-EB3028818C82}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{075558DE-B7D6-493C-89F6-78A93B7F438A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0794B86C-77E8-4B6B-9907-DCE0FC39D6D4}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{1037099D-828B-4BE4-8C6C-EF5A67785160}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11F737A2-570B-4AA9-A764-ED40D34A8425}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{14367EBE-C48C-4B9C-B2F9-BB26F083B2E3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{18D81600-1EBB-4EE8-AC87-FE9EDD3CE498}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{19B19CCA-B68B-48E8-AB30-B4FADFE21B1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1AEA098B-9F18-4C20-9EBF-A0152CEE29A2}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{1C005A50-FA87-4C06-B6EB-B02984C004C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E99EF4A-192C-4C1D-B72A-A35B4962A6EC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1F6B0805-19A4-45AE-8072-917F05944A9D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2388C57D-E684-4A56-8B4E-5BE1F5E15BED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2B92969D-B73C-430C-AA3A-281757F68ADE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E076301-72B8-4679-B46B-1D0451ED692A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2E4BDC69-17AB-423D-8142-B91EF9586932}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{30451625-405A-40EF-B75A-889E77F47C1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34C5F76A-99E3-4965-8238-3A237E7AEB5F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{34FC0758-BE1D-429D-86A1-EE4805EF0ABA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{35676491-1EF4-4F08-83B3-F8B354092B76}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{367CEDBD-EA70-4F82-B144-2A8F44F08F25}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3BACF205-F2FB-464C-927D-0B1D3BE512B6}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{403E3A86-E690-43E8-AD8B-13E9D7561D75}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4124A8F3-12E4-4349-A6F3-F4655A8D3144}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{42F843A5-C08B-4C44-8136-FE1549189071}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{44ADC58D-99EB-45E7-91B9-4BDCEDFC6B06}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4CDF4511-1F95-4966-B9F1-6B65907CDDFB}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{5148F729-C6DB-4168-B005-1E27556F94C6}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{53CE9CDF-D71C-4D3C-9C26-7EF684E21831}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{56250A97-A1E9-4D93-8C53-5FF4E80177F3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5B0630AF-C777-405D-A37E-8671F619C9C8}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5C81A20E-53EF-472F-BAFF-95A964AF68FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C9CD73E-EB4B-4BF4-8750-0B3B16D95A43}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5CF52463-7A02-49A5-BF61-9EDD07CDB9C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5FFA0FF0-6358-41F6-A695-1393FE69167C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{61C827AA-2309-4372-9034-45BB983966FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{69B71F01-F83E-41A4-BFAB-307E17211022}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{6C4D9EAA-302C-4FC2-8B29-FFE87BE9C164}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7603266E-0504-4750-85ED-E2A7EF1DEDDF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7AF1993A-B644-458B-8C60-6C4E6513F940}" = rport=139 | protocol=6 | dir=out | app=system | 
"{83550757-EC4D-4D73-A84E-4828F331A069}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{8713090A-A4BD-45FB-BF54-E6C845FB9290}" = lport=10095 | protocol=6 | dir=in | name=windows core service | 
"{8C15C355-E339-4825-8FC4-43B806CCD950}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{8FD1E0A2-70FA-4A82-AEBE-D24A81141ECA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9084A61F-9635-45E0-911C-9DF53EB9D62B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{997C5D06-211B-4569-94E5-CD0206E173BF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A35A7D36-8579-41A0-A903-469DE3019ECE}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{A5F14092-EA35-41B7-B8EE-1ECEFD0C3B71}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A98BB923-0446-4465-803F-40350E09BA92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AB07B6E3-843B-478F-95EA-D3A98664D765}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AEA2B5B9-E3D3-4767-95FC-3E225E331F7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B0BC7A79-A3AE-4DFA-B5A9-59B9C6370121}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B2801BA8-9F96-4ED1-B8F6-51ED95D59C3B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B939FB50-8933-493B-A9F8-EC46D98A9B01}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B9D5741F-C8DC-46D0-90DA-529E480544BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BA7A64AB-7520-43CA-B354-5D496F55A7B4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BB0F046B-C614-49B3-9D68-150B25F9E942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BD445483-3517-4C68-8F14-455DD8CE1664}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BE58B45B-FA52-436A-BA60-DE2668BB955C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C02533E5-2018-4230-BAB4-B7363CCEEE30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C14BB4A4-941E-4AC2-B336-266D0AFFCD30}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C248C75E-0400-4CC3-B121-737F7BD21A2B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7B29B96-9C1E-41F5-8531-5C8B3FD06491}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD3748E6-40A9-4B26-86F7-E7CA73A5C321}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D1EBBA07-B9C1-4676-8420-077C993145B9}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{DA75DD76-9EC4-4365-A155-B3A9F3E12D5C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB998A2E-B3E0-45E5-A9F3-5CE9DD0DD4AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E1CB05AE-51D2-4CF8-9EEB-CFF6575A5F27}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{E60AB357-271E-49E0-91C2-F36AA682A20B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E9111C05-933B-4952-AC02-C08B817EF0C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{EBAE4BA7-AAC2-4658-A700-A21D6B9CA515}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EBF85B4C-5735-4C5F-9D30-ACAC63901AC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F22F8870-0614-4FB4-809F-C788C0EECD2C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FCB33B50-E29F-4490-B912-449A43F40ADB}" = lport=3390 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0161C083-B52B-4A0D-AB1D-3C97ECDE43CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{01F88163-8463-4232-9D39-90B80B15AC51}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{029FB005-77A0-49A5-A038-F47ACCB4730B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{037CB916-9BA1-4F33-A542-36DDDED8C3CD}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0BBCB9AF-CDC2-4185-B926-1FD9FADB140A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E5D14F1-1366-446A-BA85-A078B8BA8F1A}" = dir=in | app=c:\programdata\tversity\media server\mediaserver.exe | 
"{1624214E-9760-410D-9752-F5740432DC39}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1760333E-EE56-439E-9552-2656FB0D9D31}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{273E7B52-096E-4E67-9825-F964CD1EC187}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2993E85F-0F8C-4262-8C30-C7C7DFF7DAA4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{2B6CF2E2-BA49-4827-993E-BA30B4D42E6C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{2CD1CFED-9818-4272-A911-59AE539FC837}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{308EEECD-C80B-4584-B405-020141C17C86}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{41954F9D-BE6F-4BE1-AEDA-195BAF955E76}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{44B148DB-8B4A-4B47-8D9B-B7F1FCBC51AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4C2F48B7-057A-4979-B0C6-06BAD8CA2B23}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{4EC3909E-00C0-4072-9A93-A96364DE7A65}" = protocol=6 | dir=out | app=system | 
"{5718056B-5EFD-4445-B838-8DB988288E79}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{59ACF359-1EE1-434F-BA42-68DF62D33AE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{60A38E17-E285-4C37-AFD8-101800A99F64}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{6D5B4025-F8BF-49F9-81A4-BCDF44BAE63B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F9C6642-3484-4727-BC54-112A44009919}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{74A3F7D6-6D84-4754-948E-96001C03AB42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{762F0B8A-3864-4FFA-A46F-F5BF374321EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7722E893-FDA3-4038-B9AF-4EF2C23DA471}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\evilkniefel\counter-strike\hl.exe | 
"{78FDFB27-3188-4952-8520-3387D1CD61C6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{79CAE910-2253-40B3-AE58-EF99D2F47F91}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{7A1119FD-D82B-4C37-98FB-F721A9EA0C5C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7AADD8BF-D8A8-4FE1-9337-C8EFEF63FB52}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7F1B01C3-4E78-435F-A70E-7A093712BA86}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8024B8E4-D143-4952-987A-B5B26E0E6426}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{87DE1CCF-6E00-4D01-993C-D398BB82727B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{8B0BB081-8D6F-4666-9789-377732065F4C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe | 
"{8D7FD4DF-815A-4360-907B-9CB394A36D12}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{906D6478-4750-4990-A03E-82E3BCF893CB}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{9206814B-B67C-46F1-ADC6-29CADC1578AA}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{945FB4FB-6D91-42AA-BC8B-1BEBD6D75266}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{97D0F91E-8D62-49EA-BE18-BF343B653FA1}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{99B8CDAE-6428-4F0A-9EBF-C9CAAC3F3032}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{B67EF663-FE3C-43CF-8874-FC9468DD9B84}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{B9948506-15E6-4611-B015-6FB1209BDE7E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\evilkniefel\counter-strike\hl.exe | 
"{BA3F7EC1-D587-4F5F-A18D-CB20331A8704}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{C1CE8DF9-BED4-4A1C-B407-179F8E9D9331}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C3249963-F9CE-47C4-BC9D-922670651A56}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C380A8A7-F918-4E46-9E9E-BDA373DA7CC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6154CEB-82D6-4365-8479-A773A76AF7E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C85B4F18-AC69-4C6D-A83D-CEAD6BDDA881}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C9F163A2-E76D-419B-B19C-A58CA3040F99}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{CAD289B1-A79A-44DC-91AA-47D09EB67B0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E7C0C779-2EAA-423A-944D-CB33B05B9031}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E92E9772-82C1-4FD1-9133-6307AB5D5CE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{EA1857EB-0D4E-4CF9-A370-F1D1EEA9EAD7}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{EC93C46E-E96B-41FE-8832-6B8D1F26FA77}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F0381864-CD1B-4343-B114-CA691981DB5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F6EE040E-D5AB-41AC-AC22-0506C45317CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0DAACBA3-A6CB-4762-981F-77BC22BDA207}D:\program files\lineage ii\lineageii.exe" = protocol=6 | dir=in | app=d:\program files\lineage ii\lineageii.exe | 
"TCP Query User{28ABFEBF-A85F-43C6-BBEC-44DAC0AAA9A8}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{41CFE3E0-08EC-4644-921E-9746748975F5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{7CD0C9D2-44CF-4762-989B-CEB62F0A197F}C:\program files\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=6 | dir=in | app=c:\program files\drahtwerk\iwebcamera\iwebcameraapp.exe | 
"TCP Query User{B1CA2B78-FEC3-4962-92B4-B1DBA674E0B1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{BE7C3A6E-A2E7-4E78-95A2-9F2957CDA0A6}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{E72D3AD5-0D97-4870-96AF-5098B2CE916E}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe | 
"TCP Query User{FC1F49A0-FE98-4C7D-95EF-B05C9BD235F3}C:\program files\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=6 | dir=in | app=c:\program files\drahtwerk\iwebcamera\iwebcameraapp.exe | 
"UDP Query User{0BF84EA7-19FF-491D-9F88-64E2B6E13276}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe | 
"UDP Query User{2E5177F5-7FC2-49FF-9398-F6C12089533E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{3C8D5F65-2610-48B9-95C7-44732B2222D9}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{46C66520-FBB9-4910-8C27-897E1D7042F9}C:\program files\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=17 | dir=in | app=c:\program files\drahtwerk\iwebcamera\iwebcameraapp.exe | 
"UDP Query User{68D52823-C970-4ED5-8461-B1712A9C373D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{6B687369-1504-45B4-9808-5B88E4144212}D:\program files\lineage ii\lineageii.exe" = protocol=17 | dir=in | app=d:\program files\lineage ii\lineageii.exe | 
"UDP Query User{A5768B5B-D248-4B9A-8DD6-4E12DD73DD21}C:\program files\drahtwerk\iwebcamera\iwebcameraapp.exe" = protocol=17 | dir=in | app=c:\program files\drahtwerk\iwebcamera\iwebcameraapp.exe | 
"UDP Query User{B253DC4E-675B-48ED-84CA-B2B21FFE200A}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023E7812-63E0-F0EB-F226-806679332948}" = CCC Help Spanish
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04E87F64-7182-985A-694E-08475EE6F5F1}" = CCC Help English
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1FCF1A-251B-51EC-D674-0BB161BEE8CA}" = CCC Help Thai
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F366B10-BED2-4DC0-B8CF-B3DF3AF27B37}" = M3 SAKURA V1.49 Global (GAME PATCH V4.9a)
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A7A8F56-CDB2-2925-5714-AE602C8C80D0}" = CCC Help Portuguese
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E2C7E1C-7FE0-63F6-5D98-26DD6B419569}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2410A9B7-A14A-FCD4-203B-E4266C98A65A}" = CCC Help Polish
"{26024EB6-2EE4-DA42-CDE9-50844AE9CFB9}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D483B8D-7B78-7484-4552-10EFD62D3FD2}" = CCC Help Norwegian
"{2D62D645-8460-6888-9E89-0F93947E0925}" = CCC Help German
"{2EF94C49-4D4F-2137-26C2-4E52E36E54DF}" = Catalyst Control Center InstallProxy
"{2F6633CC-6813-A7E0-F6F1-5F26B8B3E5A7}" = WMV9/VC-1 Video Playback
"{30B950DB-5E14-4186-A1D7-B582B5966087}" = Catalyst Control Center Graphics Previews Vista
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4D961EFC-64B0-5DE7-E2FD-304EF8695922}" = CCC Help Finnish
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4ED65F46-B813-CBE5-2B5A-61444D7ADCDD}" = CCC Help Japanese
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5F15CD04-5682-D6AA-D5E5-F2A6643EF261}" = Catalyst Control Center Graphics Previews Common
"{602E3E16-9BAC-7F39-A156-84F432B421BF}" = ccc-utility
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C67386-CF44-9E7A-7133-8F9CE8D6C41E}" = ccc-core-static
"{65C45785-4B36-A86B-7FA8-C1BDE8C00442}" = CCC Help Danish
"{6697FE8E-B25C-4D73-633C-7FD08655F795}" = ATI AVIVO Codecs
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FD9F64-38ED-4746-AB58-971CE14032E8}" = CCC Help Chinese Standard
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{814DD2C4-E5A1-B2CA-241B-CEFD1D955592}" = ATI Catalyst Install Manager
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82BF91C4-229F-4447-EC70-D31705D7D2E7}" = CCC Help Hungarian
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84B85258-2B47-571C-0D9C-50051A5EE20B}" = CCC Help Turkish
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB19FE-9933-192C-ADA4-85211B7B83A5}" = CCC Help Czech
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9345E323-3523-F874-4A7A-C802F554D53A}" = AMD Drag and Drop Transcoding
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A15FEDD-8A58-7A22-2CCC-D89A7512D7D0}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EA81723-22AD-686B-D090-8C1C9A9794D0}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABBC8011-1E42-4ADA-9794-574349612CEF}" = iWebcamera
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B213DE3E-F4E9-B9FA-B770-95E1BC8B8D8A}" = CCC Help Chinese Traditional
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C38901F3-ED24-16C8-E1AC-C03AC05AC99F}" = CCC Help Korean
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D51A7556-FA80-9167-7576-C5B103E2B837}" = CCC Help Italian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E13F254C-A426-634A-DEAA-4926F200292C}" = CCC Help French
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBA739C4-DF56-3ADF-79EE-DE39533BBB6A}" = Catalyst Control Center Localization All
"{FBD71CB8-D95B-8DCA-8162-F052F502F382}" = CCC Help Dutch
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Full)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MKVtoolnix" = MKVtoolnix 5.0.1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Pen Tablet Driver" = Bamboo
"TeamViewer 6" = TeamViewer 6
"The KMPlayer" = The KMPlayer (remove only)
"TVersity Codec Pack" = TVersity Codec Pack 1.7
"TVersity Media Server" = TVersity Media Server 1.9.7
"VLC media player" = VLC media player 1.1.11
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"winscp3_is1" = WinSCP 4.3.3
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP Infium" = QIP Infium 3.0.9044
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.05.2012 08:39:26 | Computer Name =***-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 02.05.2012 09:58:28 | Computer Name = ****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.05.2012 09:58:28 | Computer Name = ****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.05.2012 12:15:50 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.05.2012 12:15:50 | Computer Name =***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.05.2012 12:18:37 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.05.2012 01:22:50 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.05.2012 01:22:50 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.05.2012 01:46:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.05.2012 01:46:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 21.11.2011 13:47:28 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:47:28 - Fehler beim Herstellen der Internetverbindung.  18:47:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.11.2011 13:47:37 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:47:33 - Fehler beim Herstellen der Internetverbindung.  18:47:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.12.2011 18:22:21 | Computer Name = ***-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description = 
 
Error - 25.12.2011 18:26:01 | Computer Name = ***-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 15.01.2012 11:39:11 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:39:11 - MCESpotlight-2.cab konnte nicht abgerufen werden (Fehler:
 Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die
 URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort 
nicht verfügbar.  )  
 
Error - 15.01.2012 11:39:25 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 16:39:25 - Broadband-2.enc konnte nicht abgerufen werden (Fehler: 
Die Dateigröße wurde vom Server nicht zurückgegeben. Möglicherweise enthält die 
URL dynamischen Inhalt. Der Inhaltslängenheader ist in der Server-HTTP-Antwort nicht
 verfügbar.  )  
 
Error - 24.02.2012 10:15:28 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 15:15:24 - Fehler beim Herstellen der Internetverbindung.  15:15:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 07.11.2011 11:22:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 07.11.2011 12:35:05 | Computer Name = ***-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.11.2011 12:36:47 | Computer Name = ***-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.11.2011 12:40:34 | Computer Name = ***-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 09.11.2011 13:20:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Player-Netzwerkfreigabedienst erreicht.
 
Error - 09.11.2011 13:20:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 09.11.2011 13:20:35 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19.11.2011 11:46:46 | Computer Name =***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 19.11.2011 11:46:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 19.11.2011 11:47:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 16.05.2012 19:34:25 - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\***\Downloads
 Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,41% Memory free
6,00 Gb Paging File | 4,06 Gb Available in Paging File | 67,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 13,99 Gb Free Space | 17,91% Space Free | Partition Type: NTFS
Drive D: | 387,62 Gb Total Space | 231,34 Gb Free Space | 59,68% Space Free | Partition Type: NTFS
Drive J: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARILENA-PC | User Name: Marilena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marilena\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Marilena\AppData\Local\Apps\2.0\NP0DHVTH.5ZT\94HMX0LR.AKG\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe (Curse)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\drahtwerk\iWebcamera\iWebcameraApp.exe (drahtwerk)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\168c6417c92bdddd10809791ed32be3e\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\545f2e1ca544c2a8a39cbf8565e1c709\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8dba8803fad87c39c0afbdce6c19fdd0\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9123843fd33a30164ceb951c98b7ca2a\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\cc3d9cb5c17d1863e3146c2a0d5c9e86\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\9be84470118f84e965ff0f142701efc6\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\9b8dcad25a3be7d4a3f3b8b384f3190a\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Last.fm\srv_rtaudioplayback.dll ()
MOD - C:\Program Files\Last.fm\ext_messengernotify.dll ()
MOD - C:\Program Files\Last.fm\ext_skypenotify.dll ()
MOD - C:\Program Files\Last.fm\srv_madtranscode.dll ()
MOD - C:\Program Files\Last.fm\srv_httpinput.dll ()
MOD - C:\Program Files\Last.fm\LastFmFingerprint1.dll ()
MOD - C:\Program Files\Last.fm\breakpad.dll ()
MOD - C:\Program Files\Last.fm\Moose1.dll ()
MOD - C:\Program Files\Last.fm\LastFmTools1.dll ()
MOD - C:\Program Files\Last.fm\libfftw3f-3.dll ()
MOD - C:\Program Files\Last.fm\zlibwapi.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\drahtwerk\iWebcamera\iWebcameraFilter.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu ()
MOD - C:\Program Files\Last.fm\QtNetwork4.dll ()
MOD - C:\Program Files\Last.fm\QtSql4.dll ()
MOD - C:\Program Files\Last.fm\QtGui4.dll ()
MOD - C:\Program Files\Last.fm\QtXml4.dll ()
MOD - C:\Program Files\Last.fm\QtCore4.dll ()
MOD - C:\Program Files\Last.fm\imageformats\qmng4.dll ()
MOD - C:\Program Files\Last.fm\imageformats\qgif4.dll ()
MOD - C:\Program Files\Last.fm\imageformats\qjpeg4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (tapoas) -- C:\Windows\System32\drivers\tapoas.sys (The OpenVPN Project)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (STIrUsb) -- C:\Windows\System32\drivers\irstusb.sys (SigmaTel, Inc.)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 F7 98 EF 8F 50 CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.17 18:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 12:36:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.27 17:09:33 | 000,000,000 | ---D | M]
 
[2012.04.25 12:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marilena\AppData\Roaming\mozilla\Extensions
[2012.05.14 07:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marilena\AppData\Roaming\mozilla\Firefox\Profiles\k4s6aq82.default\extensions
[2012.04.25 12:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.07.12 12:10:48 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.02 14:36:55 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.03 18:51:00 | 000,000,051 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX100 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX100 Series LENA] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Marilena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marilena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2396221A-9B00-4B8C-B68F-A37589BC82A9}: DhcpNameServer = 139.7.30.126 139.7.30.125 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DB489CE-9DCA-46F8-9285-ACD655169047}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6FC7C6A-C69C-4931-9AF4-7D314ED0DCE0}: DhcpNameServer = 139.7.30.126 139.7.30.125
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.06 17:01:16 | 000,000,044 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{32e2ee5b-fb34-11e0-af8a-0013d46f6456}\Shell - "" = AutoRun
O33 - MountPoints2\{32e2ee5b-fb34-11e0-af8a-0013d46f6456}\Shell\AutoRun\command - "" = K:\TING.EXE
O33 - MountPoints2\{32e2ee94-fb34-11e0-af8a-0013d46f6456}\Shell - "" = AutoRun
O33 - MountPoints2\{32e2ee94-fb34-11e0-af8a-0013d46f6456}\Shell\AutoRun\command - "" = K:\TING.EXE
O33 - MountPoints2\{37c89877-b634-11e0-b07b-0013d46f6456}\Shell - "" = AutoRun
O33 - MountPoints2\{37c89877-b634-11e0-b07b-0013d46f6456}\Shell\AutoRun\command - "" = J:\Setup.exe -- [2011.10.06 17:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.16 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{4F52112A-E45A-4FC4-88DF-3D08581DA8A2}
[2012.05.16 15:00:18 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{481FA14D-6396-4133-A9E9-B7677D69BB43}
[2012.05.16 13:09:11 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Roaming\Malwarebytes
[2012.05.16 13:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.16 13:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.16 13:09:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.16 13:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.16 06:43:06 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{3D2BC556-6D97-4059-A2F5-AACB40B97B46}
[2012.05.16 06:42:24 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{B95703C2-A82C-4A2C-A2D8-26679047D165}
[2012.05.15 10:45:20 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Desktop\lespresso
[2012.05.15 07:47:12 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{3834E888-5E9C-4D4C-9808-DAC312CC7FAC}
[2012.05.15 07:46:38 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{5E6981EC-36AB-43D5-AF44-88EBCCEDF76F}
[2012.05.14 07:22:56 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{403859AB-384D-44EE-8525-B6AA00958270}
[2012.05.14 07:22:41 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{74D37F2A-49E3-4CAB-AC0D-3CC0B8AC9264}
[2012.05.03 18:17:20 | 000,000,000 | ---D | C] -- C:\Users\Marilena\Documents\My Curse
[2012.05.03 18:16:54 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{F77D693E-147C-431C-9FE0-C308156DC6B3}
[2012.05.03 18:16:39 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{59EAF1CF-5D72-47E7-9A56-2ED8493C89CA}
[2012.05.02 17:36:12 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\Skyrim
[2012.05.02 15:59:36 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{E89EF937-9C91-44C6-B91C-9A9823317A31}
[2012.05.02 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{B5218F0C-047C-49D5-812D-1676703DFA3A}
[2012.05.01 14:40:36 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{B8DC2BFD-1D7A-4710-B801-1453C58F56E7}
[2012.05.01 14:40:23 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{BAE9E778-808F-4E60-8614-8F803C47B74E}
[2012.04.28 13:08:53 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{DC2B7E58-83CE-423A-B8D7-DFF7031DE480}
[2012.04.28 13:08:13 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{F6E5D897-C58D-4C30-87D7-ABC18678478B}
[2012.04.27 18:45:24 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{DB320CE3-8431-4F77-9B9F-D4F7888DDC6C}
[2012.04.27 18:44:59 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{21366C35-9641-4E8D-89E0-E046524923E2}
[2012.04.25 12:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.25 12:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.25 12:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.25 12:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.25 12:07:44 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{683C0F05-DC9A-487C-9026-B85E66F04165}
[2012.04.25 12:07:31 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{4A2267E3-2258-417F-AAA9-9016664F2120}
[2012.04.24 13:37:15 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{B99554BB-F0C5-4832-9ED8-FF3F2B291FD9}
[2012.04.24 13:37:02 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{D0C4CCCA-E452-4775-AA23-2CE6F7E50737}
[2012.04.22 19:42:51 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{03FE3A8F-C756-4F63-84AC-26BE6CF9F256}
[2012.04.22 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{BA022D20-B5FB-4F4F-B9A0-9CD72CA28851}
[2012.04.20 17:57:49 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{5977CA06-753A-4712-8886-6386B24491BE}
[2012.04.20 17:57:36 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{0C88710C-118D-4153-A74F-EAC447C7E2D1}
[2012.04.18 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{9D28E707-B9E7-4310-ABCC-3E6A2E0A5619}
[2012.04.18 17:02:26 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{D3153744-D498-41F0-AA8E-D218967A4318}
[2012.04.17 15:48:01 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{F89646C7-4B52-4799-A3C4-3909B164144F}
[2012.04.17 15:47:04 | 000,000,000 | ---D | C] -- C:\Users\Marilena\AppData\Local\{7B1B5A26-2BDD-4027-B585-CDC8FC335020}
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.16 19:20:33 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.16 19:20:33 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.16 18:59:46 | 000,000,020 | ---- | M] () -- C:\Windows\0ôž
[2012.05.16 17:13:44 | 000,000,521 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2012.05.16 14:58:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.05.16 14:58:41 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\ivggrsofjm.job
[2012.05.16 14:58:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.16 14:58:18 | 2415,566,848 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.16 13:09:09 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 22:01:22 | 338,579,762 | ---- | M] () -- C:\Users\Marilena\Desktop\iPhone1,2_4.2.1_8C148_Restore.ipsw
[2012.05.15 10:49:09 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.15 10:49:09 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.15 10:49:09 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.15 10:49:09 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.25 12:41:05 | 000,101,928 | ---- | M] () -- C:\Users\Marilena\Documents\cc_20120425_124058.reg
[2012.04.25 12:38:56 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.25 12:36:36 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.16 18:59:45 | 000,000,020 | ---- | C] () -- C:\Windows\0ôž
[2012.05.16 15:07:10 | 015,240,704 | ---- | C] () -- C:\Users\Marilena\Desktop\redsn0w.exe
[2012.05.16 13:09:09 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 21:44:35 | 338,579,762 | ---- | C] () -- C:\Users\Marilena\Desktop\iPhone1,2_4.2.1_8C148_Restore.ipsw
[2012.05.15 21:32:13 | 270,559,673 | ---- | C] () -- C:\Users\Marilena\Desktop\iPhone1,2_whited00r51_N.ipsw
[2012.04.25 12:41:02 | 000,101,928 | ---- | C] () -- C:\Users\Marilena\Documents\cc_20120425_124058.reg
[2012.04.25 12:38:56 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.25 12:36:36 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.25 12:36:36 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.10 13:30:16 | 000,126,976 | RHS- | C] () -- C:\Windows\System32\fvewiza.dll
[2012.04.09 15:35:05 | 000,000,132 | ---- | C] () -- C:\Users\Marilena\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.10.16 22:18:57 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.10.13 17:56:08 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.10.13 17:56:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.10.13 17:56:06 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.10.13 17:56:06 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.10.13 17:56:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.08.04 13:04:14 | 000,236,824 | ---- | C] () -- C:\Windows\System32\xactengine2_3.dll
[2011.07.10 23:57:03 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini
[2011.07.10 23:57:01 | 000,156,672 | ---- | C] () -- C:\Windows\System32\RtlCPAPI.dll
[2011.07.10 23:23:31 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.07.10 21:13:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.10 21:10:44 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.08.11 15:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

< End of report >
         

Geändert von Kyoko90 (16.05.2012 um 18:58 Uhr)

Alt 17.05.2012, 19:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suchmaschinenumleitung (Google) alle Browser betroffen! - Standard

Suchmaschinenumleitung (Google) alle Browser betroffen!



Zitat:
Habe mit Malwarebytes einen Scan durchgeführt, allerdings wurde gar nichts gefunden!
Trotzdem bitte alle Logs davon posten

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu Suchmaschinenumleitung (Google) alle Browser betroffen!
adobe after effects, avira, bho, bonjour, browser, converter, desktop, error, firefox, flash player, google, helper, hängen, install.exe, jdownloader, langs, malware, monitor.exe, mozilla, mp3, pixel, plug-in, problem, realtek, registry, scan, searchscopes, security, server, software, suchmaschine, svchost.exe, tablet, taskhost.exe, third party, version=1.0, weiterleitung, windows




Ähnliche Themen: Suchmaschinenumleitung (Google) alle Browser betroffen!


  1. Alle Browser verseucht, was tun?
    Plagegeister aller Art und deren Bekämpfung - 07.09.2015 (13)
  2. Alle Browser voller Werbung.
    Plagegeister aller Art und deren Bekämpfung - 18.04.2015 (10)
  3. Schutz vor Freak Attack: Diese Browser sind betroffen
    Nachrichten - 05.03.2015 (0)
  4. Windows 7: Adware oder ähnliches. Browser und steam betroffen
    Log-Analyse und Auswertung - 18.12.2014 (7)
  5. Alle Browser voll mit Werbung
    Log-Analyse und Auswertung - 08.12.2014 (17)
  6. adw cleaner schlägt jedes mal alarm betroffen google chrome
    Plagegeister aller Art und deren Bekämpfung - 15.05.2014 (19)
  7. Google Chrome und alle anderen Browser funktionieren nicht mehr!
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (15)
  8. Alle Browser haben verbindungsprobleme
    Log-Analyse und Auswertung - 30.03.2012 (13)
  9. Alle Browser schmieren ab, wenn ich eine Google-Suche starte
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (4)
  10. Alle Browser stürzen nacheinander ab
    Plagegeister aller Art und deren Bekämpfung - 23.10.2011 (17)
  11. TR/Kazy/mekl.1 - Bin auch betroffen - Alle Dateien weg
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (1)
  12. Browser öffnet Google Seiten oder Werbung, Google Suche funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 20.01.2011 (26)
  13. Alle Web-Browser funktionieren nicht mehr (Internet Explorer, Google Chrome etc.) auser Firefox
    Plagegeister aller Art und deren Bekämpfung - 08.11.2010 (1)
  14. Alle Browser langsam, Internet ok
    Log-Analyse und Auswertung - 03.10.2010 (0)
  15. Alle Browser sehr langsam und nun started Google Chrome nicht mehr
    Log-Analyse und Auswertung - 28.09.2010 (2)
  16. Sind bei Virenbefall alle Dateitypen sofort betroffen?
    Plagegeister aller Art und deren Bekämpfung - 26.08.2010 (1)
  17. google umleitung? (klick bringt mich zu dubiösen Seiten alle Browser)
    Plagegeister aller Art und deren Bekämpfung - 20.07.2010 (1)

Zum Thema Suchmaschinenumleitung (Google) alle Browser betroffen! - Hallo! Habe leider seit geraumer Zeit das Problem, dass ich auf andere Seiten umgeleitet werde, wenn ich bei der Google Suche einen Link anklicke. Die Seiten heißen z.B. rocketnews.com. Habe - Suchmaschinenumleitung (Google) alle Browser betroffen!...
Archiv
Du betrachtest: Suchmaschinenumleitung (Google) alle Browser betroffen! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.