Log analysis and evaluation: Malicious website blocked - problem with antivirus program AVAST! | Windows 7
16.06.2012, 13:04 | #1
Malicious website blocked - problem with antivirus program AVAST!

I am not the only one this is happening to. Nearly every page I open triggers this warning from Avast:

I switched from Mozilla to Chrome yesterday; before that it did not happen, nor after the Chrome installation yesterday evening, but then early this morning it did. Could it not be that this is an internal problem with avast! that is now affecting the software for most users? I have read through various threads and followed the instructions; my result:

Malwarebytes: Quote:
OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.06.2012 12:52:41 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Corpse\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19272) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,57% Memory free 4,21 Gb Paging File | 2,87 Gb Available in Paging File | 68,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 78,13 Gb Total Space | 18,73 Gb Free Space | 23,97% Space Free | Partition Type: NTFS Drive D: | 154,76 Gb Total Space | 132,05 Gb Free Space | 85,33% Space Free | Partition Type: NTFS Drive G: | 1,84 Gb Total Space | 1,80 Gb Free Space | 97,72% Space Free | Partition Type: FAT Computer Name: CORPSE-PC | User Name: Corpse | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Corpse\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll () MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll () MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll () MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll () MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll () MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll () MOD - D:\Programme\RarExt.dll () MOD - C:\Windows\System32\igfxTMM.dll () ========== Win32 Services (SafeList) ========== SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (avast! 
Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (vvdsvc) -- C:\Windows\System32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Capture Device Service) -- C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found DRV - (Aspi32) -- File not found DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST 
Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (SIVDRIVER) -- C:\Windows\System32\drivers\SIVX32.sys (Ray Hinchliffe) DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{3AA13D88-EDC3-4DD0-A192-03E33261F47C}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=a72d0055-1dc0-11e1-82fe-001e333324b3&q={searchTerms} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 4A 3B CB A7 4B CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE 
- HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {3AA13D88-EDC3-4DD0-A192-03E33261F47C} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0F85984E-F815-4E0A-997E-225823124339}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{19A48F4A-939D-4B59-B6AD-84733A13C302}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{3AA13D88-EDC3-4DD0-A192-03E33261F47C}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=a72d0055-1dc0-11e1-82fe-001e333324b3&q={searchTerms} IE - HKCU\..\SearchScopes\{618A9448-1C29-424C-B8DC-5843FE69F892}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{723C64BB-5312-487B-A821-511CA476C942}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\..\SearchScopes\{C6213860-FADC-4A67-9856-43781165F211}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa3\npPicasa3.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Corpse\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Corpse\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.03.24 10:32:46 | 000,000,000 | ---D | M] [2012.06.16 00:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.22 00:28:55 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2012.03.07 19:51:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.07.16 14:16:16 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - 
plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: VshareComplete plugin for chrome = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\ CHR - Extension: AdBlock = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\ CHR - Extension: avast! 
WebRep = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: vshare plugin = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: Google Mail = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - D:\Programme\NetXfer\NXIEHelper.dll File not found O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - D:\Programme\NetXfer\NXToolBar.dll File not found O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\MMRTKRNL.EXE (ALCATech GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON SX525WD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Alles mit NetXfer herunterladen - D:\Programme\NetXfer\NXAddList.html File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Corpse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Herunterladen mit NetXfer - D:\Programme\NetXfer\NXAddLink.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/67.17/uploader2.cab (UploadListView Class) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} 
hxxp://www.schueler.cc/uploader/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {731D29F4-2872-4542-B85F-539610D7C5DB} hxxp://144.122.47.201/NautilusV20.cab (Media Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://vexcast.com/download/vexcast.cab (VodClient Control Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.231.103.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E63C404-3A8C-4DA0-9316-1518313DCAE2}: NameServer = 10.36.72.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3EE94FB-A1BC-4F6D-A8DB-4C35368A1853}: DhcpNameServer = 10.231.103.254 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Corpse\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Corpse\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3f6cc5e1-9d41-11df-94b8-001e333324b3}\Shell\AutoRun\command - "" = G:\sources\sperr32.exe x64 O33 - MountPoints2\{45851271-9c32-11de-9abb-001e333324b3}\Shell\Autoplay\command - "" = H:\usb_driver.exe O33 - MountPoints2\{45851271-9c32-11de-9abb-001e333324b3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\usb_driver.exe O33 - MountPoints2\{45851271-9c32-11de-9abb-001e333324b3}\Shell\explore\Command - "" = H:\usb_driver.exe O33 - MountPoints2\{45851271-9c32-11de-9abb-001e333324b3}\Shell\Open\Command - "" = H:\usb_driver.exe O33 - MountPoints2\{d210c70b-bf44-11df-807c-001e333324b3}\Shell\AutoRun\command - "" = programm.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.16 12:50:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Corpse\Desktop\OTL.exe [2012.06.16 11:53:54 | 000,000,000 | ---D | C] -- C:\Users\Corpse\AppData\Roaming\Malwarebytes [2012.06.16 11:53:36 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.16 11:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.16 11:53:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.16 11:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.15 23:16:39 | 000,000,000 | ---D | C] -- C:\Users\Corpse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.06.14 00:15:03 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.06.14 00:15:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.06.14 00:14:55 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.06.14 00:14:44 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.06.14 00:14:43 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012.06.14 00:14:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.06.14 00:14:42 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.06.14 00:14:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.06.14 00:14:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.06.14 00:14:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.06.14 00:14:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.06.14 00:14:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.06.14 00:14:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.06.14 00:14:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msfeedsbs.dll [2012.06.14 00:14:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.06.14 00:14:31 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.06.14 00:14:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.06.14 00:14:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.06.14 00:13:03 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.06.13 07:26:32 | 000,000,000 | ---D | C] -- C:\Users\Corpse\AppData\Local\Macromedia [2012.05.20 15:53:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2012.05.20 15:51:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2012.05.20 15:51:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2012.05.20 15:51:04 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2012.05.20 15:51:04 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2012.05.20 15:51:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2012.05.20 15:51:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2012.05.20 15:50:59 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2012.05.20 15:50:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2012.05.20 15:50:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2012.05.20 15:50:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2012.05.20 15:50:57 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2012.05.20 15:50:42 | 000,252,416 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\WSManMigrationPlugin.dll [2012.05.20 15:50:42 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2012.05.20 15:50:42 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2012.05.20 15:50:42 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2012.05.20 15:50:42 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2012.05.20 15:49:19 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.05.20 15:49:18 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012.05.20 15:49:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.05.20 15:49:17 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.05.20 15:49:17 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.05.20 15:49:16 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.05.20 15:49:16 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.05.20 15:49:15 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.05.20 15:49:14 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.05.20 15:49:13 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.05.20 15:49:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.05.20 15:49:05 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.05.20 15:49:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.05.20 15:48:54 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll 
[2012.05.20 15:48:53 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.05.20 15:48:53 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.05.20 15:48:53 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2012.05.20 15:48:52 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.05.20 15:48:52 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.05.20 15:48:24 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2012.05.20 15:48:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2012.05.20 15:48:17 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll ========== Files - Modified Within 30 Days ========== [2012.06.16 12:50:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Corpse\Desktop\OTL.exe [2012.06.16 12:34:28 | 000,018,949 | ---- | M] () -- C:\Users\Corpse\Desktop\avast.jpg [2012.06.16 12:33:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.16 12:25:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 12:25:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 12:24:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.16 12:24:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.16 12:24:36 | 2136,952,832 | -HS- | M] () -- C:\hiberfil.sys [2012.06.16 12:20:13 | 000,206,180 | ---- | M] () -- C:\Users\Corpse\Desktop\Malware.jpg [2012.06.16 12:20:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488983335-3165548022-3401756928-1000UA.job 
[2012.06.16 11:53:36 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.16 11:24:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.16 11:21:30 | 000,000,104 | ---- | M] () -- C:\Users\Corpse\Desktop\Internet.lnk [2012.06.15 23:20:10 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488983335-3165548022-3401756928-1000Core.job [2012.06.15 15:33:01 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F62ABF64-133A-4CED-982C-EFB42332A4BB}.job [2012.06.15 01:22:27 | 000,480,966 | ---- | M] () -- C:\Users\Corpse\Desktop\20120614145309632.pdf [2012.06.14 08:08:02 | 000,416,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.13 18:54:40 | 000,637,346 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.13 18:54:40 | 000,594,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.13 18:54:40 | 000,128,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.13 18:54:40 | 000,106,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.13 13:51:29 | 001,056,968 | ---- | M] () -- C:\Users\Corpse\Desktop\img002.jpg [2012.06.13 13:23:48 | 000,170,496 | ---- | M] () -- C:\Users\Corpse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.13 07:23:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.06.13 07:23:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.06.07 13:28:15 | 000,002,633 | ---- | M] () -- C:\Users\Corpse\Desktop\Microsoft Office Excel 2007.lnk [2012.06.06 15:03:54 | 000,595,892 | ---- | M] () -- C:\Users\Corpse\Desktop\Lappland Stationsüberischt2.jpg [2012.06.04 17:12:12 | 000,173,416 | ---- | M] () -- C:\Users\Corpse\Desktop\1.jpg [2012.06.02 12:11:19 | 000,042,802 | ---- | M] () -- C:\Users\Corpse\Desktop\FCB Termine.jpg ========== Files Created - No Company Name 
========== [2012.06.16 12:34:28 | 000,018,949 | ---- | C] () -- C:\Users\Corpse\Desktop\avast.jpg [2012.06.16 12:20:12 | 000,206,180 | ---- | C] () -- C:\Users\Corpse\Desktop\Malware.jpg [2012.06.16 11:53:36 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.16 11:21:30 | 000,000,104 | ---- | C] () -- C:\Users\Corpse\Desktop\Internet.lnk [2012.06.15 23:15:32 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488983335-3165548022-3401756928-1000UA.job [2012.06.15 23:15:31 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488983335-3165548022-3401756928-1000Core.job [2012.06.15 01:22:14 | 000,480,966 | ---- | C] () -- C:\Users\Corpse\Desktop\20120614145309632.pdf [2012.06.13 13:51:24 | 001,056,968 | ---- | C] () -- C:\Users\Corpse\Desktop\img002.jpg [2012.06.06 15:04:33 | 000,595,892 | ---- | C] () -- C:\Users\Corpse\Desktop\Lappland Stationsüberischt2.jpg [2012.06.04 16:59:15 | 000,173,416 | ---- | C] () -- C:\Users\Corpse\Desktop\1.jpg [2012.06.02 12:11:13 | 000,042,802 | ---- | C] () -- C:\Users\Corpse\Desktop\FCB Termine.jpg [2012.05.20 15:50:48 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2012.05.20 15:50:48 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2012.05.20 15:50:48 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.09.09 22:49:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011.06.20 15:03:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.09.30 11:58:08 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll ========== Files - Unicode (All) ========== [2012.01.02 17:45:18 | 000,000,000 | ---D | M](C:\Windows\System32\??????) -- C:\Windows\System32\Ǹƪ�皌 [2012.01.02 17:45:18 | 000,000,000 | ---D | M](C:\Windows\System32\??????) -- C:\Windows\System32\Ǹƪ�皌 [2012.01.02 17:45:18 | 000,000,000 | ---D | C](C:\Windows\System32\??????) 
-- C:\Windows\System32\Ǹƪ�皌
[2012.01.02 17:45:18 | 000,000,000 | ---D | C](C:\Windows\System32\??????) -- C:\Windows\System32\Ǹƪ�皌

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1AAB2E68

< End of report >

Extras OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 16.06.2012 12:52:41 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Corpse\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,57% Memory free
4,21 Gb Paging File | 2,87 Gb Available in Paging File | 68,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 18,73 Gb Free Space | 23,97% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 132,05 Gb Free Space | 85,33% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,80 Gb Free Space | 97,72% Space Free | Partition Type: FAT

Computer Name: CORPSE-PC | User Name: Corpse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "D:\Programme\OTSPLAY.EXE" "%1" /play /surf
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA2D4F3-8FF7-44C7-B3C6-D4BB93645DE6}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{16872EBF-5020-4A25-A144-7CE3319BB574}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{22B256CF-3AE7-4122-972F-2E4F64876AD4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24AA7BBD-3801-4C2C-90B7-9574C369333E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26F8725A-CBFD-4934-8DE3-37654B83DFF8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2A4BFAE1-AFE9-450A-AA99-77E09C048BD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3254A54E-BF41-498B-A2D0-2FF555CFC6C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{325B95A5-0EB3-4401-A414-F59FA0F72531}" = rport=2869 | protocol=6 | dir=out | app=system |
"{3430089F-73CD-4E96-86D8-B044CC9DC1E7}" = rport=10243 | protocol=6 | dir=out | app=system | "{40B00EE3-CFDF-4B49-9AAC-BDF1D69718D3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{50CF488A-7416-4761-82A5-94472DC4E9CE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{56B8B109-9280-432F-A072-77755DD48B60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5CE3CD80-8917-46CF-AC51-73FE662B45B7}" = lport=139 | protocol=6 | dir=in | app=system | "{5D7AF2B6-423B-432A-83E4-82E9D2B877AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{66433C9D-7B2B-47D9-BF72-6703DFED080E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{68113C7B-867E-43B5-9C8D-35AB53D8C0E6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{71638A12-E310-4999-B975-7F826F49414E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{716E8905-BA25-40E5-9F98-A4D092464DDE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{71D22B38-5734-4E41-93E6-8567C2DF355D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72B91D31-5D3A-41B7-B5C9-E55DE797F83E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{89520A13-F261-4346-BA2D-D12F81B807FD}" = lport=137 | protocol=17 | dir=in | app=system | "{8A0F38B9-7FC8-4010-BD13-8832BA86DBD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9BFD4A75-408F-49EA-A7F2-BAC310B97FBA}" = rport=445 | protocol=6 | dir=out | app=system | "{9C12BE58-3E28-483A-A902-E592F846D89B}" = lport=138 | protocol=17 | dir=in | app=system | "{9CDF6327-56AC-4F26-B7EE-E2D2FA7D44A5}" = rport=138 | protocol=17 | 
dir=out | app=system | "{9CEEF1F9-B327-48EF-97CD-28E051B6BB4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A2354897-C122-4FD3-B04F-44D5B541B25A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AB6B4586-6660-41BA-A37B-B32AA9225CBA}" = lport=10243 | protocol=6 | dir=in | app=system | "{AEF7C9B3-B27F-43C4-80E7-8E51D970AC1F}" = lport=2869 | protocol=6 | dir=in | app=system | "{B488EA18-9BD8-4767-BF4D-C8F59F66338F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C248606A-0946-4033-84AD-ECCF0BECD8EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D2B88BA3-AB69-4234-AD49-0CF0E6B4F8E2}" = rport=139 | protocol=6 | dir=out | app=system | "{D3B2D8DA-6CE5-492C-834A-F83F7B2DCCF6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DAE7128B-EAD4-4BFF-B005-3EDFE318FEE7}" = lport=445 | protocol=6 | dir=in | app=system | "{E0FC9D35-A041-4F39-A236-0F3214298B7D}" = lport=2869 | protocol=6 | dir=in | app=system | "{E8DBB4B3-4F6A-4C55-A859-223E1A217E6C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EA47A22E-E713-4253-BBFD-1A75EFD4136D}" = rport=137 | protocol=17 | dir=out | app=system | "{F2CFB205-0FC6-4249-93DD-13D239BFAC4A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D64EA83-7A94-439B-8E36-CD97E43EB726}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{12D43D94-37A8-49C6-BE1B-BC0B2F68B24D}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | "{1E67938D-8835-444E-9E6B-E767649E46BC}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{1EEAB2AD-525F-4F69-AFDF-66B9A384920D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{29E5B723-36B8-4734-8CFE-A4405CE4B7C6}" = protocol=17 | dir=in | app=d:\programme\fahren lernen\vogel.fahrenlernenmax.exe | "{3635CEDF-2103-40B4-BA08-8B8D26ADCBB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{379C5ACF-7961-49BD-AADF-0092B31EF10E}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | "{46FFF1B9-83BD-4F4B-A067-409A78D5F566}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{54232142-0CDB-4AE7-B99E-CC1F25400A9C}" = protocol=17 | dir=in | app=d:\tobit clipinc\server\clipinc-server.exe | "{5568A8DE-8EBC-4108-A2BC-4B68AE9BFB5B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{5E0D436B-F3B0-4CE1-B8AC-D1D5C85AF79E}" = protocol=17 | dir=in | app=d:\tobit clipinc\player\clipinc-player.exe | "{6198E3BA-A489-4B54-954C-2370F2D8E900}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{66B6D797-AE6F-46A9-8B78-A565D6882A5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{692B7ACB-84C3-4B77-B6F4-9B39E8B7DD35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{69E118FB-87AE-4A8A-AED8-369E9319B606}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | "{7004593D-EE09-480E-B46E-56FE18CB2CB6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{74037436-BD4E-48A0-87AB-FE561A84E2A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7549DD45-E798-4691-96AF-A69A6CD6335E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8808EEE3-6788-4802-9C88-4A4B3FEBF956}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8A592B60-745B-483F-87FB-2F67ED84C6BF}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | 
"{8B41803A-2570-4453-A021-BE27C544FCB2}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{9309C948-0A54-427C-9D40-013C04F20222}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{94204239-B8F7-4B8D-B38B-9B2419C553CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{97380D70-DAD2-4E8F-BC87-9ADDF429369D}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{978F07D8-0AE5-4B25-8CF0-844E753E81F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{99777A71-9DCB-4778-A382-656C78C568EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A91A6B74-1DCD-4F36-8DFC-11B053D178F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AD82828D-56DD-405A-AE99-FBFE030C2974}" = protocol=6 | dir=in | app=d:\programme\fahren lernen\vogel.fahrenlernenmax.exe | "{AE3E1897-A8DC-4B12-8AD2-4EB70134874A}" = protocol=6 | dir=in | app=d:\tobit clipinc\player\clipinc-player.exe | "{B6DC2FFA-66BC-4B8B-AA33-517CA2EF566B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B7255B7B-7A9C-4F64-AF7D-2B8F17347574}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | "{B79DCDE7-0E12-422D-98F9-F6D8550377ED}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{BF3ACD0E-4814-40FB-8C25-E05B1A17EBDF}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{BFE8C55B-5F0D-4DED-87A3-E4CC26882FC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C0B97A6C-154E-495D-B391-DA702C37001D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C164AF06-B04B-40BA-807D-2AF49FE330B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C865C782-0962-4DF0-9767-F9EDE0456D31}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CB343227-8D39-4B29-BD7E-733E3E43256C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CD5D0399-9140-44DE-A905-FCBF140E326F}" = protocol=6 | dir=in | app=d:\tobit clipinc\server\clipinc-server.exe | "{DD2C657C-4D55-4E9C-8807-2B47121D96A7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{DD415AA4-C371-4D39-9454-EE53D5358C8D}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | "{E399E971-3BB7-42B4-B38E-D3538E7D3957}" = protocol=6 | dir=out | app=system | "{E4AF887D-9B13-421E-A41B-3683E9D6C356}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{EBCF96F7-2CCD-4F3E-98B4-279365C9439C}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{F22FA501-D0C2-47F6-8182-93D4FE28FC41}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | "{FB2104DA-0E28-43E6-B219-F699442E45D0}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | "{FEE5B602-276F-4257-8C9D-C61C46007095}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{12709427-099B-4EC7-9604-91B80318233D}D:\programme\icq7.2\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | "TCP Query User{1BC00D7F-76F4-475D-8D3D-226AF7C3CE64}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{1CB02CD3-8C93-473B-858D-E58FCE41470C}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe | "TCP Query User{227BB986-AB0C-4DF5-ACA3-4FCB9EDB83FC}D:\programme\icq7.4\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7.4\icq.exe | "TCP Query User{241E0067-D7D2-4DF7-8952-961150FB75BD}G:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=g:\programme\icq6.5\icq.exe | "TCP Query User{2BBA756A-AE8A-424B-9F1B-B05962E43004}D:\programme\new folder\pythonw.exe" = protocol=6 | dir=in | app=d:\programme\new 
folder\pythonw.exe | "TCP Query User{3529E68F-CEFD-4299-B8DD-9282EF4A3F87}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{3A296799-228D-484A-9318-68CD68C3DEF6}D:\programme\edonkey2000\edonkey2000.exe" = protocol=6 | dir=in | app=d:\programme\edonkey2000\edonkey2000.exe | "TCP Query User{3C1BCDC7-7C39-4CE3-9A8E-3E7D030BAC50}D:\programme\qip.exe" = protocol=6 | dir=in | app=d:\programme\qip.exe | "TCP Query User{51A71F7D-60A1-4A2A-A70A-F46CB9E2AF45}D:\programme\edonkey2000\edonkey2000.exe" = protocol=6 | dir=in | app=d:\programme\edonkey2000\edonkey2000.exe | "TCP Query User{5CA2D2F9-52E8-4D2D-8750-6A13F6DEBAD9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{6117C3C7-9B44-4F78-949D-63D622135662}C:\users\corpse\desktop\virtualdj_trial.exe" = protocol=6 | dir=in | app=c:\users\corpse\desktop\virtualdj_trial.exe | "TCP Query User{62B0D099-3234-4963-9A94-0C3C9010789A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{650DCB4C-8C24-4444-86A0-D6868D98FD79}D:\programme\netxfer\nettransport.exe" = protocol=6 | dir=in | app=d:\programme\netxfer\nettransport.exe | "TCP Query User{6998FF88-2A19-4F25-A6B8-A358FFE0F88C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{700472A0-C10D-47FB-A9B5-4AA2935BE60A}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | "TCP Query User{7985E7F6-101E-40C8-91E5-CEF34BB81BCC}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{79C520D8-BF9E-4CA0-A08C-B1CC069BD53C}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe 
| "TCP Query User{8161A610-BB0D-49D5-8889-F94DB9994A22}D:\programme\icq7.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | "TCP Query User{83FDDF00-25DD-4FA1-ACFC-45BA05068B49}C:\Program Files\SopCast\adv\SopAdver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{89110A0A-AB09-4E41-9DA8-BC86C34F4875}C:\Program Files\SopCast\SopCast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{89DE579F-2629-445C-8034-BD97B63E5E60}D:\programme\emule\emule.exe" = protocol=6 | dir=in | app=d:\programme\emule\emule.exe | "TCP Query User{930655AE-F37A-48D3-87E1-1921A9019B10}D:\programme\icq7.4\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7.4\icq.exe | "TCP Query User{972D871D-89F5-4A66-843E-ED505630476B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{9F58731D-E898-46E1-8969-AF7F82310169}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{A050E01C-C69C-44EB-8BBF-199DA98E22E1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{A6E34236-38B2-4971-A6F3-9A7B77AB38C5}D:\programme\tvants\tvants.exe" = protocol=6 | dir=in | app=d:\programme\tvants\tvants.exe | "TCP Query User{A6E9B3F5-659E-4511-805D-B8E4BAE980BF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{A870C1F5-D539-447C-A8F8-8756D1FD8B1F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{B1941E5E-E4AD-482E-AA32-E569432DC827}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event 
manager\eeventmanager.exe | "TCP Query User{BA1588E7-F299-45D4-935A-3C11B2F1346D}D:\programme\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\adv\sopadver.exe | "TCP Query User{C7327112-A6F5-4B41-9547-39716D2018EE}D:\qip.exe" = protocol=6 | dir=in | app=d:\qip.exe | "TCP Query User{CEF1C55F-73FC-4393-A937-21E10EDA5145}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | "TCP Query User{DA6F6C28-92E9-4F47-A221-3C505B33B953}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | "TCP Query User{E3318D68-4886-448F-A203-44F0E18998FB}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | "TCP Query User{E3F0ED04-AF4D-42D0-863E-45FBAC7363CD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{EDBBD282-35E6-4D97-82E6-4EE9C9D45F36}D:\programme\qip.exe" = protocol=6 | dir=in | app=d:\programme\qip.exe | "TCP Query User{F3225202-6D52-41DE-BDD3-412990FF2989}D:\programme\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\programme\orbitdownloader\orbitnet.exe | "TCP Query User{FACC4F24-B490-4952-9D29-7C359F2CE55F}F:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=f:\programme\icq6.5\icq.exe | "TCP Query User{FBF0DA60-278A-4F83-BE25-AA0DB33EBD4F}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe | "TCP Query User{FFF942E3-4533-4E56-8451-B480374ACEBC}D:\qip.exe" = protocol=6 | dir=in | app=d:\qip.exe | "UDP Query User{0A2A8715-673E-4F79-AAC4-35932B10C8F6}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | "UDP Query User{0F4B51E5-1593-4C13-A99B-7F2CC5819DA4}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft 
CCleaner Quote:
And now? |
18.06.2012, 13:59 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malicious website blocked - problem with antivirus program AVAST! Please start by running a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
__________________
Remember that Malwarebytes must be updated manually before every scan! Please remove all of the Malwarebytes detections so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Where possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |