Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 16.06.2012, 13:04   #1
Corpse
 
Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST! - Böse

Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST!



Bin nicht der einzige dem es genauso geht. Es wird nahezu jede Seite die ich öffne mit dieser Warnung von Avast gewarnt:



Bin gestern von Mozilla auf Chrome umgestiegen, davor wars noch nicht, nach der Chrome Installation gestern Abend auch nicht, aber dann heute früh.

Kann es nicht sein, dass dies ein internes Problem von avast! ist was sich bei den meisten Nutzern auf die Software nun ausschlägt?




Habe diverse Threads durchgelesen und die Anleitungen befolgt, mein Ergebnis:

Malwarebytes:
Zitat:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.16.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Corpse :: CORPSE-PC [Administrator]

16.06.2012 11:55:01
mbam-log-2012-06-16 (11-55-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217039
Laufzeit: 21 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=a72d0055-1dc0-11e1-82fe-001e333324b3) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Corpse\AppData\Local\Temp\is-T73MC.tmp\DealioToolbar-stub-1.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Corpse\AppData\Local\Temp\opRgNEDR.dll.part (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)





OTL:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.06.2012 12:52:41 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Corpse\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,57% Memory free
4,21 Gb Paging File | 2,87 Gb Available in Paging File | 68,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 18,73 Gb Free Space | 23,97% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 132,05 Gb Free Space | 85,33% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,80 Gb Free Space | 97,72% Space Free | Partition Type: FAT
 
Computer Name: CORPSE-PC | User Name: Corpse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Corpse\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - D:\Programme\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (vvdsvc) -- C:\Windows\System32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Capture Device Service) -- C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (EpsonBidirectionalService) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found
DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found
DRV - (Aspi32) --  File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (SIVDRIVER) -- C:\Windows\System32\drivers\SIVX32.sys (Ray Hinchliffe)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{3AA13D88-EDC3-4DD0-A192-03E33261F47C}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=a72d0055-1dc0-11e1-82fe-001e333324b3&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 4A 3B CB A7 4B CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3AA13D88-EDC3-4DD0-A192-03E33261F47C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0F85984E-F815-4E0A-997E-225823124339}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{19A48F4A-939D-4B59-B6AD-84733A13C302}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{3AA13D88-EDC3-4DD0-A192-03E33261F47C}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=a72d0055-1dc0-11e1-82fe-001e333324b3&q={searchTerms}
IE - HKCU\..\SearchScopes\{618A9448-1C29-424C-B8DC-5843FE69F892}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{723C64BB-5312-487B-A821-511CA476C942}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\..\SearchScopes\{C6213860-FADC-4A67-9856-43781165F211}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Corpse\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Corpse\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.03.24 10:32:46 | 000,000,000 | ---D | M]
 
[2012.06.16 00:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.22 00:28:55 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.03.07 19:51:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.07.16 14:16:16 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Corpse\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: VshareComplete plugin for chrome = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: AdBlock = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
CHR - Extension: avast! WebRep = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: vshare plugin = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Google Mail = C:\Users\Corpse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - D:\Programme\NetXfer\NXIEHelper.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - D:\Programme\NetXfer\NXToolBar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\MMRTKRNL.EXE (ALCATech GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX525WD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit NetXfer herunterladen - D:\Programme\NetXfer\NXAddList.html File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Corpse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Herunterladen mit NetXfer - D:\Programme\NetXfer\NXAddLink.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/67.17/uploader2.cab (UploadListView Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.schueler.cc/uploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {731D29F4-2872-4542-B85F-539610D7C5DB} hxxp://144.122.47.201/NautilusV20.cab (Media Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.231.103.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E63C404-3A8C-4DA0-9316-1518313DCAE2}: NameServer = 10.36.72.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3EE94FB-A1BC-4F6D-A8DB-4C35368A1853}: DhcpNameServer = 10.231.103.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Corpse\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Corpse\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f6cc5e1-9d41-11df-94b8-001e333324b3}\Shell\AutoRun\command - "" = G:\sources\sperr32.exe x64
O33 - MountPoints2\{45851271-9c32-11de-9abb-001e333324b3}\Shell\Autoplay\command - "" = H:\usb_driver.exe
O33 - MountPoints2\{45851271-9c32-11de-9abb-001e333324b3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\usb_driver.exe
O33 - MountPoints2\{45851271-9c32-11de-9abb-001e333324b3}\Shell\explore\Command - "" = H:\usb_driver.exe
O33 - MountPoints2\{45851271-9c32-11de-9abb-001e333324b3}\Shell\Open\Command - "" = H:\usb_driver.exe
O33 - MountPoints2\{d210c70b-bf44-11df-807c-001e333324b3}\Shell\AutoRun\command - "" = programm.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 12:50:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Corpse\Desktop\OTL.exe
[2012.06.16 11:53:54 | 000,000,000 | ---D | C] -- C:\Users\Corpse\AppData\Roaming\Malwarebytes
[2012.06.16 11:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.16 11:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.16 11:53:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.16 11:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.15 23:16:39 | 000,000,000 | ---D | C] -- C:\Users\Corpse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.06.14 00:15:03 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.14 00:15:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.14 00:14:55 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.14 00:14:44 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.14 00:14:43 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.06.14 00:14:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.06.14 00:14:42 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.06.14 00:14:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.14 00:14:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.06.14 00:14:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.14 00:14:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.06.14 00:14:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.06.14 00:14:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.06.14 00:14:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.06.14 00:14:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.06.14 00:14:31 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.06.14 00:14:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.14 00:14:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.06.14 00:13:03 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.13 07:26:32 | 000,000,000 | ---D | C] -- C:\Users\Corpse\AppData\Local\Macromedia
[2012.05.20 15:53:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012.05.20 15:51:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2012.05.20 15:51:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2012.05.20 15:51:04 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2012.05.20 15:51:04 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2012.05.20 15:51:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2012.05.20 15:51:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2012.05.20 15:50:59 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2012.05.20 15:50:59 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2012.05.20 15:50:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2012.05.20 15:50:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2012.05.20 15:50:57 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2012.05.20 15:50:42 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2012.05.20 15:50:42 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2012.05.20 15:50:42 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2012.05.20 15:50:42 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2012.05.20 15:50:42 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2012.05.20 15:49:19 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012.05.20 15:49:18 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012.05.20 15:49:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.05.20 15:49:17 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012.05.20 15:49:17 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012.05.20 15:49:16 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012.05.20 15:49:16 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012.05.20 15:49:15 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.05.20 15:49:14 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012.05.20 15:49:13 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012.05.20 15:49:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012.05.20 15:49:05 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012.05.20 15:49:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012.05.20 15:48:54 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012.05.20 15:48:53 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012.05.20 15:48:53 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012.05.20 15:48:53 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012.05.20 15:48:52 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.05.20 15:48:52 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012.05.20 15:48:24 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012.05.20 15:48:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012.05.20 15:48:17 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.16 12:50:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Corpse\Desktop\OTL.exe
[2012.06.16 12:34:28 | 000,018,949 | ---- | M] () -- C:\Users\Corpse\Desktop\avast.jpg
[2012.06.16 12:33:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.16 12:25:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 12:25:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 12:24:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.16 12:24:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.16 12:24:36 | 2136,952,832 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.16 12:20:13 | 000,206,180 | ---- | M] () -- C:\Users\Corpse\Desktop\Malware.jpg
[2012.06.16 12:20:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488983335-3165548022-3401756928-1000UA.job
[2012.06.16 11:53:36 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.16 11:24:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.16 11:21:30 | 000,000,104 | ---- | M] () -- C:\Users\Corpse\Desktop\Internet.lnk
[2012.06.15 23:20:10 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488983335-3165548022-3401756928-1000Core.job
[2012.06.15 15:33:01 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F62ABF64-133A-4CED-982C-EFB42332A4BB}.job
[2012.06.15 01:22:27 | 000,480,966 | ---- | M] () -- C:\Users\Corpse\Desktop\20120614145309632.pdf
[2012.06.14 08:08:02 | 000,416,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 18:54:40 | 000,637,346 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.13 18:54:40 | 000,594,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.13 18:54:40 | 000,128,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.13 18:54:40 | 000,106,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.13 13:51:29 | 001,056,968 | ---- | M] () -- C:\Users\Corpse\Desktop\img002.jpg
[2012.06.13 13:23:48 | 000,170,496 | ---- | M] () -- C:\Users\Corpse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.13 07:23:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.13 07:23:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.07 13:28:15 | 000,002,633 | ---- | M] () -- C:\Users\Corpse\Desktop\Microsoft Office Excel 2007.lnk
[2012.06.06 15:03:54 | 000,595,892 | ---- | M] () -- C:\Users\Corpse\Desktop\Lappland Stationsüberischt2.jpg
[2012.06.04 17:12:12 | 000,173,416 | ---- | M] () -- C:\Users\Corpse\Desktop\1.jpg
[2012.06.02 12:11:19 | 000,042,802 | ---- | M] () -- C:\Users\Corpse\Desktop\FCB Termine.jpg
 
========== Files Created - No Company Name ==========
 
[2012.06.16 12:34:28 | 000,018,949 | ---- | C] () -- C:\Users\Corpse\Desktop\avast.jpg
[2012.06.16 12:20:12 | 000,206,180 | ---- | C] () -- C:\Users\Corpse\Desktop\Malware.jpg
[2012.06.16 11:53:36 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.16 11:21:30 | 000,000,104 | ---- | C] () -- C:\Users\Corpse\Desktop\Internet.lnk
[2012.06.15 23:15:32 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488983335-3165548022-3401756928-1000UA.job
[2012.06.15 23:15:31 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1488983335-3165548022-3401756928-1000Core.job
[2012.06.15 01:22:14 | 000,480,966 | ---- | C] () -- C:\Users\Corpse\Desktop\20120614145309632.pdf
[2012.06.13 13:51:24 | 001,056,968 | ---- | C] () -- C:\Users\Corpse\Desktop\img002.jpg
[2012.06.06 15:04:33 | 000,595,892 | ---- | C] () -- C:\Users\Corpse\Desktop\Lappland Stationsüberischt2.jpg
[2012.06.04 16:59:15 | 000,173,416 | ---- | C] () -- C:\Users\Corpse\Desktop\1.jpg
[2012.06.02 12:11:13 | 000,042,802 | ---- | C] () -- C:\Users\Corpse\Desktop\FCB Termine.jpg
[2012.05.20 15:50:48 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012.05.20 15:50:48 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012.05.20 15:50:48 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.09.09 22:49:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.06.20 15:03:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.09.30 11:58:08 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
 
========== Files - Unicode (All) ==========
[2012.01.02 17:45:18 | 000,000,000 | ---D | M](C:\Windows\System32\??????) -- C:\Windows\System32\Ǹƪ�皌
[2012.01.02 17:45:18 | 000,000,000 | ---D | M](C:\Windows\System32\??????) -- C:\Windows\System32\Ǹƪ�皌
[2012.01.02 17:45:18 | 000,000,000 | ---D | C](C:\Windows\System32\??????) -- C:\Windows\System32\Ǹƪ�皌
[2012.01.02 17:45:18 | 000,000,000 | ---D | C](C:\Windows\System32\??????) -- C:\Windows\System32\Ǹƪ�皌
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:1AAB2E68

< End of report >
         
--- --- ---


Extras

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.06.2012 12:52:41 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Corpse\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 39,57% Memory free
4,21 Gb Paging File | 2,87 Gb Available in Paging File | 68,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 18,73 Gb Free Space | 23,97% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 132,05 Gb Free Space | 85,33% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 1,80 Gb Free Space | 97,72% Space Free | Partition Type: FAT
 
Computer Name: CORPSE-PC | User Name: Corpse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "D:\Programme\OTSPLAY.EXE" "%1" /play /surf
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA2D4F3-8FF7-44C7-B3C6-D4BB93645DE6}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{16872EBF-5020-4A25-A144-7CE3319BB574}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{22B256CF-3AE7-4122-972F-2E4F64876AD4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24AA7BBD-3801-4C2C-90B7-9574C369333E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{26F8725A-CBFD-4934-8DE3-37654B83DFF8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2A4BFAE1-AFE9-450A-AA99-77E09C048BD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3254A54E-BF41-498B-A2D0-2FF555CFC6C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{325B95A5-0EB3-4401-A414-F59FA0F72531}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{3430089F-73CD-4E96-86D8-B044CC9DC1E7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{40B00EE3-CFDF-4B49-9AAC-BDF1D69718D3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{50CF488A-7416-4761-82A5-94472DC4E9CE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{56B8B109-9280-432F-A072-77755DD48B60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5CE3CD80-8917-46CF-AC51-73FE662B45B7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5D7AF2B6-423B-432A-83E4-82E9D2B877AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{66433C9D-7B2B-47D9-BF72-6703DFED080E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{68113C7B-867E-43B5-9C8D-35AB53D8C0E6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{71638A12-E310-4999-B975-7F826F49414E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{716E8905-BA25-40E5-9F98-A4D092464DDE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{71D22B38-5734-4E41-93E6-8567C2DF355D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72B91D31-5D3A-41B7-B5C9-E55DE797F83E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{89520A13-F261-4346-BA2D-D12F81B807FD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8A0F38B9-7FC8-4010-BD13-8832BA86DBD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9BFD4A75-408F-49EA-A7F2-BAC310B97FBA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9C12BE58-3E28-483A-A902-E592F846D89B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9CDF6327-56AC-4F26-B7EE-E2D2FA7D44A5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9CEEF1F9-B327-48EF-97CD-28E051B6BB4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A2354897-C122-4FD3-B04F-44D5B541B25A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AB6B4586-6660-41BA-A37B-B32AA9225CBA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AEF7C9B3-B27F-43C4-80E7-8E51D970AC1F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B488EA18-9BD8-4767-BF4D-C8F59F66338F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C248606A-0946-4033-84AD-ECCF0BECD8EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D2B88BA3-AB69-4234-AD49-0CF0E6B4F8E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D3B2D8DA-6CE5-492C-834A-F83F7B2DCCF6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DAE7128B-EAD4-4BFF-B005-3EDFE318FEE7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E0FC9D35-A041-4F39-A236-0F3214298B7D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E8DBB4B3-4F6A-4C55-A859-223E1A217E6C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EA47A22E-E713-4253-BBFD-1A75EFD4136D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F2CFB205-0FC6-4249-93DD-13D239BFAC4A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D64EA83-7A94-439B-8E36-CD97E43EB726}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{12D43D94-37A8-49C6-BE1B-BC0B2F68B24D}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | 
"{1E67938D-8835-444E-9E6B-E767649E46BC}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{1EEAB2AD-525F-4F69-AFDF-66B9A384920D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{29E5B723-36B8-4734-8CFE-A4405CE4B7C6}" = protocol=17 | dir=in | app=d:\programme\fahren lernen\vogel.fahrenlernenmax.exe | 
"{3635CEDF-2103-40B4-BA08-8B8D26ADCBB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{379C5ACF-7961-49BD-AADF-0092B31EF10E}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{46FFF1B9-83BD-4F4B-A067-409A78D5F566}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{54232142-0CDB-4AE7-B99E-CC1F25400A9C}" = protocol=17 | dir=in | app=d:\tobit clipinc\server\clipinc-server.exe | 
"{5568A8DE-8EBC-4108-A2BC-4B68AE9BFB5B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{5E0D436B-F3B0-4CE1-B8AC-D1D5C85AF79E}" = protocol=17 | dir=in | app=d:\tobit clipinc\player\clipinc-player.exe | 
"{6198E3BA-A489-4B54-954C-2370F2D8E900}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{66B6D797-AE6F-46A9-8B78-A565D6882A5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{692B7ACB-84C3-4B77-B6F4-9B39E8B7DD35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{69E118FB-87AE-4A8A-AED8-369E9319B606}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{7004593D-EE09-480E-B46E-56FE18CB2CB6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{74037436-BD4E-48A0-87AB-FE561A84E2A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7549DD45-E798-4691-96AF-A69A6CD6335E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8808EEE3-6788-4802-9C88-4A4B3FEBF956}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8A592B60-745B-483F-87FB-2F67ED84C6BF}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | 
"{8B41803A-2570-4453-A021-BE27C544FCB2}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 
"{9309C948-0A54-427C-9D40-013C04F20222}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{94204239-B8F7-4B8D-B38B-9B2419C553CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{97380D70-DAD2-4E8F-BC87-9ADDF429369D}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{978F07D8-0AE5-4B25-8CF0-844E753E81F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99777A71-9DCB-4778-A382-656C78C568EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A91A6B74-1DCD-4F36-8DFC-11B053D178F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD82828D-56DD-405A-AE99-FBFE030C2974}" = protocol=6 | dir=in | app=d:\programme\fahren lernen\vogel.fahrenlernenmax.exe | 
"{AE3E1897-A8DC-4B12-8AD2-4EB70134874A}" = protocol=6 | dir=in | app=d:\tobit clipinc\player\clipinc-player.exe | 
"{B6DC2FFA-66BC-4B8B-AA33-517CA2EF566B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B7255B7B-7A9C-4F64-AF7D-2B8F17347574}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe | 
"{B79DCDE7-0E12-422D-98F9-F6D8550377ED}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{BF3ACD0E-4814-40FB-8C25-E05B1A17EBDF}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{BFE8C55B-5F0D-4DED-87A3-E4CC26882FC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0B97A6C-154E-495D-B391-DA702C37001D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C164AF06-B04B-40BA-807D-2AF49FE330B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C865C782-0962-4DF0-9767-F9EDE0456D31}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CB343227-8D39-4B29-BD7E-733E3E43256C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD5D0399-9140-44DE-A905-FCBF140E326F}" = protocol=6 | dir=in | app=d:\tobit clipinc\server\clipinc-server.exe | 
"{DD2C657C-4D55-4E9C-8807-2B47121D96A7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{DD415AA4-C371-4D39-9454-EE53D5358C8D}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"{E399E971-3BB7-42B4-B38E-D3538E7D3957}" = protocol=6 | dir=out | app=system | 
"{E4AF887D-9B13-421E-A41B-3683E9D6C356}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{EBCF96F7-2CCD-4F3E-98B4-279365C9439C}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{F22FA501-D0C2-47F6-8182-93D4FE28FC41}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 
"{FB2104DA-0E28-43E6-B219-F699442E45D0}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe | 
"{FEE5B602-276F-4257-8C9D-C61C46007095}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{12709427-099B-4EC7-9604-91B80318233D}D:\programme\icq7.2\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | 
"TCP Query User{1BC00D7F-76F4-475D-8D3D-226AF7C3CE64}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1CB02CD3-8C93-473B-858D-E58FCE41470C}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"TCP Query User{227BB986-AB0C-4DF5-ACA3-4FCB9EDB83FC}D:\programme\icq7.4\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7.4\icq.exe | 
"TCP Query User{241E0067-D7D2-4DF7-8952-961150FB75BD}G:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=g:\programme\icq6.5\icq.exe | 
"TCP Query User{2BBA756A-AE8A-424B-9F1B-B05962E43004}D:\programme\new folder\pythonw.exe" = protocol=6 | dir=in | app=d:\programme\new folder\pythonw.exe | 
"TCP Query User{3529E68F-CEFD-4299-B8DD-9282EF4A3F87}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{3A296799-228D-484A-9318-68CD68C3DEF6}D:\programme\edonkey2000\edonkey2000.exe" = protocol=6 | dir=in | app=d:\programme\edonkey2000\edonkey2000.exe | 
"TCP Query User{3C1BCDC7-7C39-4CE3-9A8E-3E7D030BAC50}D:\programme\qip.exe" = protocol=6 | dir=in | app=d:\programme\qip.exe | 
"TCP Query User{51A71F7D-60A1-4A2A-A70A-F46CB9E2AF45}D:\programme\edonkey2000\edonkey2000.exe" = protocol=6 | dir=in | app=d:\programme\edonkey2000\edonkey2000.exe | 
"TCP Query User{5CA2D2F9-52E8-4D2D-8750-6A13F6DEBAD9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{6117C3C7-9B44-4F78-949D-63D622135662}C:\users\corpse\desktop\virtualdj_trial.exe" = protocol=6 | dir=in | app=c:\users\corpse\desktop\virtualdj_trial.exe | 
"TCP Query User{62B0D099-3234-4963-9A94-0C3C9010789A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{650DCB4C-8C24-4444-86A0-D6868D98FD79}D:\programme\netxfer\nettransport.exe" = protocol=6 | dir=in | app=d:\programme\netxfer\nettransport.exe | 
"TCP Query User{6998FF88-2A19-4F25-A6B8-A358FFE0F88C}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{700472A0-C10D-47FB-A9B5-4AA2935BE60A}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"TCP Query User{7985E7F6-101E-40C8-91E5-CEF34BB81BCC}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{79C520D8-BF9E-4CA0-A08C-B1CC069BD53C}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"TCP Query User{8161A610-BB0D-49D5-8889-F94DB9994A22}D:\programme\icq7.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"TCP Query User{83FDDF00-25DD-4FA1-ACFC-45BA05068B49}C:\Program Files\SopCast\adv\SopAdver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{89110A0A-AB09-4E41-9DA8-BC86C34F4875}C:\Program Files\SopCast\SopCast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{89DE579F-2629-445C-8034-BD97B63E5E60}D:\programme\emule\emule.exe" = protocol=6 | dir=in | app=d:\programme\emule\emule.exe | 
"TCP Query User{930655AE-F37A-48D3-87E1-1921A9019B10}D:\programme\icq7.4\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq7.4\icq.exe | 
"TCP Query User{972D871D-89F5-4A66-843E-ED505630476B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{9F58731D-E898-46E1-8969-AF7F82310169}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{A050E01C-C69C-44EB-8BBF-199DA98E22E1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{A6E34236-38B2-4971-A6F3-9A7B77AB38C5}D:\programme\tvants\tvants.exe" = protocol=6 | dir=in | app=d:\programme\tvants\tvants.exe | 
"TCP Query User{A6E9B3F5-659E-4511-805D-B8E4BAE980BF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{A870C1F5-D539-447C-A8F8-8756D1FD8B1F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B1941E5E-E4AD-482E-AA32-E569432DC827}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{BA1588E7-F299-45D4-935A-3C11B2F1346D}D:\programme\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\adv\sopadver.exe | 
"TCP Query User{C7327112-A6F5-4B41-9547-39716D2018EE}D:\qip.exe" = protocol=6 | dir=in | app=d:\qip.exe | 
"TCP Query User{CEF1C55F-73FC-4393-A937-21E10EDA5145}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | 
"TCP Query User{DA6F6C28-92E9-4F47-A221-3C505B33B953}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | 
"TCP Query User{E3318D68-4886-448F-A203-44F0E18998FB}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"TCP Query User{E3F0ED04-AF4D-42D0-863E-45FBAC7363CD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{EDBBD282-35E6-4D97-82E6-4EE9C9D45F36}D:\programme\qip.exe" = protocol=6 | dir=in | app=d:\programme\qip.exe | 
"TCP Query User{F3225202-6D52-41DE-BDD3-412990FF2989}D:\programme\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\programme\orbitdownloader\orbitnet.exe | 
"TCP Query User{FACC4F24-B490-4952-9D29-7C359F2CE55F}F:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=f:\programme\icq6.5\icq.exe | 
"TCP Query User{FBF0DA60-278A-4F83-BE25-AA0DB33EBD4F}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe | 
"TCP Query User{FFF942E3-4533-4E56-8451-B480374ACEBC}D:\qip.exe" = protocol=6 | dir=in | app=d:\qip.exe | 
"UDP Query User{0A2A8715-673E-4F79-AAC4-35932B10C8F6}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | 
"UDP Query User{0F4B51E5-1593-4C13-A99B-7F2CC5819DA4}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"UDP Query User{0F4CA9D9-DB81-41AE-8D96-4D3D39D13418}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{126C9C7D-6F35-43ED-9742-9CFA9E0982BE}C:\users\corpse\desktop\virtualdj_trial.exe" = protocol=17 | dir=in | app=c:\users\corpse\desktop\virtualdj_trial.exe | 
"UDP Query User{1D759CDC-4F65-47AB-A083-2E45447FDBA3}D:\programme\icq7.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe | 
"UDP Query User{24B5682C-DC4D-4959-8503-0C8BA5DC4401}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{2F4C6EA6-F6C6-49A3-9301-7299E005451E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4175AFE1-1EF7-47DD-895B-CCB8F371C497}D:\programme\icq7.4\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq7.4\icq.exe | 
"UDP Query User{4703ED23-243F-4B52-9E85-459D9A939BE6}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{492408F1-5F0E-4CCF-AF68-02E0A0E903A5}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"UDP Query User{4AD630C7-3950-4EAA-8B5E-B648BF653EA7}D:\programme\edonkey2000\edonkey2000.exe" = protocol=17 | dir=in | app=d:\programme\edonkey2000\edonkey2000.exe | 
"UDP Query User{4B4723C8-836C-49C0-87C8-543618B78776}D:\programme\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\programme\orbitdownloader\orbitnet.exe | 
"UDP Query User{56649427-6727-427D-B933-7514C7A2E98E}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | 
"UDP Query User{5CEA2C96-1CD4-445A-990E-2BAEB27181BD}D:\programme\edonkey2000\edonkey2000.exe" = protocol=17 | dir=in | app=d:\programme\edonkey2000\edonkey2000.exe | 
"UDP Query User{5DDE5E2F-3B1E-4110-A411-762B88B4B55A}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{6181FCCD-D4E6-463E-B643-24F6672FD174}D:\qip.exe" = protocol=17 | dir=in | app=d:\qip.exe | 
"UDP Query User{6DD06A08-FDE5-4D0F-8C5C-7FF117A599FB}D:\programme\netxfer\nettransport.exe" = protocol=17 | dir=in | app=d:\programme\netxfer\nettransport.exe | 
"UDP Query User{6F3D3DA0-187A-41FE-AE62-1A30E5ECB051}F:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=f:\programme\icq6.5\icq.exe | 
"UDP Query User{737E9B30-F62F-481D-8265-62C7D96BACE9}G:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=g:\programme\icq6.5\icq.exe | 
"UDP Query User{7E4B5476-C16F-47AA-8981-956447E6A2E0}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | 
"UDP Query User{81BFEAC5-41D7-4354-B425-CF3D69C82CA3}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{8C118708-3159-44D0-853D-ADEDEF14A22C}D:\programme\new folder\pythonw.exe" = protocol=17 | dir=in | app=d:\programme\new folder\pythonw.exe | 
"UDP Query User{8DEB1B5B-8C2A-49AE-94B0-883BF185B8FD}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{916CF280-582D-4BE8-B753-2BCBA62794BA}D:\programme\qip.exe" = protocol=17 | dir=in | app=d:\programme\qip.exe | 
"UDP Query User{98D371F6-D959-4953-825A-1D458CB06D2F}C:\Program Files\SopCast\SopCast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{99898C64-342E-4C38-91FF-BD7AE1A5E687}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{9CE6C0C6-0250-43BE-96C4-B0B87DDC19BB}D:\programme\icq7.2\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | 
"UDP Query User{ACBDB03E-7595-4F16-8E7B-9D982D257452}D:\qip.exe" = protocol=17 | dir=in | app=d:\qip.exe | 
"UDP Query User{B8DE40C2-8157-468A-AFC6-DAA1A621D923}D:\programme\icq7.4\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq7.4\icq.exe | 
"UDP Query User{BD6A0E51-248D-4697-8627-6F566CC71EF4}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{C1EBEC61-8938-4287-A69A-62A077DEAB32}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{C331B1CA-A00B-4F29-975D-27E9A4A28056}D:\programme\emule\emule.exe" = protocol=17 | dir=in | app=d:\programme\emule\emule.exe | 
"UDP Query User{C6BFEA88-EFA7-409C-B81C-85665740C2B0}D:\programme\qip.exe" = protocol=17 | dir=in | app=d:\programme\qip.exe | 
"UDP Query User{CE8521DE-4183-4DD7-A963-212C19F0B85A}D:\programme\tvants\tvants.exe" = protocol=17 | dir=in | app=d:\programme\tvants\tvants.exe | 
"UDP Query User{D978FF09-4D74-443F-85DF-8720D9F25C4E}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | 
"UDP Query User{DF2AC7ED-3C0F-48CA-AEFF-3ABD575392A1}C:\Program Files\SopCast\adv\SopAdver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{DF78DAA8-5273-4361-B392-3690934835D5}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E1E95350-56DE-4F84-B879-F8B3A5621C64}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{F47E9187-DA0E-423B-A515-88783AF70045}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe | 
"UDP Query User{FB4035F6-65A7-405B-974F-A5C5A8AD389B}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"UDP Query User{FC6DB8F1-B5D9-4061-BED4-0D75329A4758}D:\programme\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\adv\sopadver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06FE635A-BE8C-4208-91A9-FB6E641A4F52}" = ArcSoft Panorama Maker 4 Pro
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14BF164E-80A4-422E-BE43-39FB759666C2}_is1" = Avi to Mpeg 3.2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = Realtek WLAN driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA0FB0B5-D853-4F87-9261-A4BC7D503E0D}" = Microsoft Image Composite Editor
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E37712F2-BAB4-4B1C-973D-6CDBA5075C8E}" = Microsoft Image Composite Editor
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"avast" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON SX525WD Series" = EPSON SX525WD Series Printer Uninstall
"EPSON SX525WD Series Manual" = EPSON SX525WD Series Handbuch
"EPSON SX525WD Series Network Guide" = EPSON SX525WD Series Netzwerk-Handbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HotspotShield" = Hotspot Shield 2.53
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mixxx (1.10.0)" = Mixxx 1.10.0
"MP3-Cutter" = MP3-Cutter
"nfsCloudsHD New Free Screensaver_is1" = NewFreeScreensaver nfsCloudsHD
"No23 Recorder" = No23 Recorder
"Notepad++" = Notepad++
"PhotoScape" = PhotoScape
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SopCast" = SopCast 3.4.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboPlot_is1" = TurboPlot v3.7e
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinAce Archiver" = WinAce Archiver
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 25.08.2009 15:13:39 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 25.08.2009 15:14:03 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 25.08.2009 15:14:16 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 25.08.2009 15:14:34 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 25.08.2009 15:15:09 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 02.09.2009 09:52:08 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 13.09.2009 03:18:56 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 17.10.2009 12:03:26 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 13.04.2010 10:06:19 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 07.05.2010 18:25:09 | Computer Name = Corpse-PC | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 03.11.2011 02:52:19 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2011 02:46:23 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2011 14:02:29 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.11.2011 14:10:35 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.11.2011 06:51:08 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.11.2011 05:30:02 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.11.2011 14:56:37 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.11.2011 04:52:43 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.11.2011 02:54:00 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.11.2011 02:52:31 | Computer Name = Corpse-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 18.01.2012 12:16:02 | Computer Name = Corpse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 56 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.03.2012 10:21:05 | Computer Name = Corpse-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 15.06.2012 13:57:47 | Computer Name = Corpse-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 15.06.2012 14:52:13 | Computer Name = Corpse-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 15.06.2012 14:52:16 | Computer Name = Corpse-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 15.06.2012 16:58:35 | Computer Name = Corpse-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 15.06.2012 16:58:39 | Computer Name = Corpse-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 15.06.2012 16:58:40 | Computer Name = Corpse-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 16.06.2012 04:28:46 | Computer Name = Corpse-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.06.2012 06:26:13 | Computer Name = Corpse-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 16.06.2012 06:26:13 | Computer Name = Corpse-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.06.2012 06:26:13 | Computer Name = Corpse-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---




CCleaner

Zitat:
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 20.05.2009 10.0.22.87
Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 06.11.2009 1,78MB 10.0.12.36
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2012 11.3.300.257
Adobe Reader 9.5.1 - Deutsch Adobe Systems Incorporated 10.04.2012 118,3MB 9.5.1
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 23.05.2009 7,52MB 11.5
Any Video Converter 3.2.7 Any-Video-Converter.com 28.09.2011 91,6MB
ArcSoft Panorama Maker 4 Pro ArcSoft 07.01.2012 271MB
Ashampoo Burning Studio 6 FREE v.6.80 ashampoo GmbH & Co. KG 14.06.2011 30,2MB 6.8.0
avast! Free Antivirus AVAST Software 23.03.2012 150,7MB 7.0.1426.0
Avi to Mpeg 3.2 Avi to Mpeg 24.08.2011 15,5MB 3.0
CCleaner Piriform 22.05.2012 4,71MB 3.19
Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 14.03.2012 128,6MB 2.2.3.0
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) SEIKO EPSON CORPORATION 14.03.2012 0,36MB 1.00.0000
Epson Event Manager SEIKO EPSON CORPORATION 14.03.2012 38,8MB 2.40.0001
EPSON Scan Seiko Epson Corporation 14.03.2012 18,9MB
EPSON SX525WD Series Handbuch 14.03.2012 10,9MB
EPSON SX525WD Series Netzwerk-Handbuch 14.03.2012 10,9MB
EPSON SX525WD Series Printer Uninstall SEIKO EPSON Corporation 14.03.2012
EpsonNet Print SEIKO EPSON CORPORATION 14.03.2012 4,38MB 2.4j
EpsonNet Setup 3.3 SEIKO EPSON CORPORATION 14.03.2012 32,7MB 3.3a
Free YouTube to MP3 Converter version 3.10.6.727 DVDVideoSoft Limited. 02.08.2011
Google Chrome Google Inc. 14.06.2012 192,7MB 19.0.1084.56
Google Earth Google 16.11.2011 92,8MB 6.1.0.5001
Hotspot Shield 2.53 AnchorFree 15.04.2012 7,21MB 2.53
ICQ7.2 ICQ 18.10.2010 4,15MB 7.2
ICQ7.5 ICQ 07.05.2011 7.5
Intel(R) Graphics Media Accelerator Driver 17.05.2009
InterVideo DeviceService InterVideo 19.02.2011 0,24MB 1.0.0
Java(TM) 6 Update 31 Oracle 06.03.2012 95,1MB 6.0.310
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 15.06.2012 11,7MB 1.61.0.1400
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 14.04.2010 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 20.05.2009 27,8MB
Microsoft Image Composite Editor Microsoft Corporation 14.10.2009 2,61MB 1.1.0
Microsoft Office Enterprise 2007 Microsoft Corporation 30.03.2012 615MB 12.0.6612.1000
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,92MB 14.0.5130.5003
Microsoft Office Live Add-in 1.5 Microsoft Corporation 17.04.2012 0,49MB 2.0.4024.1
Microsoft Silverlight Microsoft Corporation 19.05.2012 34,5MB 5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 04.05.2012 1,74MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 18.10.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 17.06.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 07.04.2012 11,0MB 10.0.30319
Mixxx 1.10.0 The Mixxx Team 23.03.2012 1.10.0
MP3-Cutter 08.07.2009
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 23.05.2009 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0
NewFreeScreensaver nfsCloudsHD 08.01.2011 1,15MB
No23 Recorder No23 14.11.2011 3,18MB 2.1.0.3
Notepad++ 20.05.2009 6,52MB 5.3.1
NVIDIA PhysX v8.10.13 NVIDIA Corporation 17.10.2009 119,4MB 8.10.13
OpenOffice.org 3.1 OpenOffice.org 28.06.2009 347MB 3.1.9399
PhotoScape 12.01.2012 27,8MB
Python 2.6.4 Python Software Foundation 03.04.2010 47,9MB 2.6.4150
QIP 2005 8097 Jeak-Edition 17.05.2009 6,74MB
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista Realtek 17.05.2009 0,87MB 1.00.0000
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13.11.2011 11,1MB 6.0.1.5919
Realtek WLAN driver REALTEK Semiconductor Corp. 17.05.2009 1,97MB Package:1.00.0026
RedMon - Redirection Port Monitor 01.10.2009 787MB
SopCast 3.4.7 www.sopcast.com 02.12.2011 13,1MB 3.4.7
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 18.08.2009 29,7MB 9.0.0
Synaptics Pointing Device Driver Synaptics 14.04.2010 13,9MB 11.2.4.0
Tinypic 3.18 E. Fiedler 10.01.2012 1,55MB Tinypic 3.18
TurboPlot v3.7e G. & H.-J. Dreher 08.01.2012 1,95MB
Uninstall 1.0.0.1 27.07.2010 15,2MB
Virtual DJ - Atomix Productions 26.03.2012
Virtual DJ Pro Full - Atomix Productions 26.03.2012 206MB
VLC media player 1.0.1 VideoLAN Team 22.01.2012 63,1MB 1.0.1
vShare.tv plugin 1.3 vShare.tv, Inc. 02.12.2011 0,58MB 1.3
VshareComplete VshareComplete 02.12.2011 0,77MB
WinAce Archiver e-merge GmbH 10.08.2009 2.69
Winamp Erkennungs-Plug-in Nullsoft, Inc 28.09.2011 0,15MB 1.0.0.1
Windows Live Essentials Microsoft Corporation 05.05.2012 15.4.3555.0308
Windows Media Player Firefox Plugin Microsoft Corp 13.07.2010 0,29MB 1.0.0.8
WinRAR 4.11 (32-Bit) win.rar GmbH 01.03.2012 271MB 4.11.0

un nu?

Alt 18.06.2012, 13:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST! - Standard

Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST!



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST!
adblock, alternate, antivirus, any video converter, autorun, blockiert, browser, bösartige webseite, converter, dateisystem, downloader, error, firefox, flash player, google earth, helper, heuristiks/extra, heuristiks/shuriken, home, hotspot, hotspot shield, iexplore.exe, install.exe, installation, langs, logfile, microsoft office word, mp3, office 2007, plug-in, problem, programm, realtek, registry, rundll, searchscopes, security, senden, software, svchost.exe, vista, webseite blockiert



Ähnliche Themen: Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST!


  1. windows7 bösartige webseite blokiert
    Plagegeister aller Art und deren Bekämpfung - 27.10.2015 (41)
  2. Avast meldet "schädliche Webseite blockiert " - svchost
    Plagegeister aller Art und deren Bekämpfung - 13.06.2015 (18)
  3. Avast meldet ständig bösartige Website blockiert (URL:Mal) - Prozess "svchost.exe"
    Plagegeister aller Art und deren Bekämpfung - 07.04.2015 (9)
  4. Windows 8: Avast blockiert beim Aufrufen von Internetseiten in Firefox ständig scheinbar schädliche Webseite
    Log-Analyse und Auswertung - 13.05.2014 (11)
  5. Winows 7: Avast meldet ständig "Bösartige Website blockiert"
    Log-Analyse und Auswertung - 21.10.2013 (25)
  6. Info: avast! blockiert URL und meldet bösartige website
    Plagegeister aller Art und deren Bekämpfung - 30.06.2013 (11)
  7. Avast meldet permanent "Bösartige Website blockiert"
    Log-Analyse und Auswertung - 30.06.2013 (5)
  8. Rootkit? Avast: Bösartige Website blockiert, svchost.exe ...
    Log-Analyse und Auswertung - 04.06.2013 (13)
  9. Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast
    Log-Analyse und Auswertung - 11.04.2013 (18)
  10. Avast hat eine infizierte Webseite blockiert!
    Plagegeister aller Art und deren Bekämpfung - 02.03.2013 (16)
  11. Avast meldet bösartige Website blockiert (URL:Mal) - Prozess: "svchost.exe
    Log-Analyse und Auswertung - 14.11.2012 (5)
  12. Avast bösartige Webseite geblockt! URL:Mal
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (2)
  13. Avast meldet "Bösartige Webseite blockiert"
    Log-Analyse und Auswertung - 05.10.2012 (7)
  14. avast! hat den Zugriff auf eine infizierte Webseite blockiert
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (23)
  15. avast meldet Bösartige Website Blockiert
    Log-Analyse und Auswertung - 09.07.2012 (7)
  16. Avast: Webseite wurde blockiert, Virus trotzdem empfangen ?
    Plagegeister aller Art und deren Bekämpfung - 28.10.2010 (1)

Zum Thema Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST! - Bin nicht der einzige dem es genauso geht. Es wird nahezu jede Seite die ich öffne mit dieser Warnung von Avast gewarnt: Bin gestern von Mozilla auf Chrome umgestiegen, davor - Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST!...
Archiv
Du betrachtest: Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.