
Plagegeister aller Art und deren Bekämpfung: Google redirect to rocketnews

22.07.2012, 20:03   #1
aloiv

Google redirect to rocketnews



Hello,
this is now the second time I have had the problem that Google redirects me via rocketnews, but I no longer remember how I solved it the first time.
I also read through the other posts about rocketnews and then ran the Malwarebytes scan:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.22.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
viiv. ~ :: VIIV-PC [Administrator]

22.07.2012 19:28:42
mbam-log-2012-07-22 (19-28-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213783
Laufzeit: 4 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\viiv. ~\AppData\Local\Temp\KMP_3.3.0.33.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Since the problem was still there afterwards, I also ran the OTL scan:

Code:
OTL logfile created on: 22.07.2012 19:41:56 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\viiv. ~\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 48,71% Memory free
7,82 Gb Paging File | 5,63 Gb Available in Paging File | 71,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 141,51 Gb Free Space | 59,34% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 119,33 Gb Free Space | 35,87% Space Free | Partition Type: NTFS
 
Computer Name: VIIV-PC | User Name: viiv. ~ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\viiv. ~\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\viiv. ~\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://finiteincantatem.yooco.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\viiv. ~\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\viiv. ~\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.22 19:17:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.29 17:36:25 | 000,000,000 | ---D | M]
 
[2012.01.11 20:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viiv. ~\AppData\Roaming\mozilla\Extensions
[2012.07.22 19:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\viiv. ~\AppData\Roaming\mozilla\Firefox\Profiles\esovc4wp.default\extensions
[2012.07.22 19:17:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\viiv. ~\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\viiv. ~\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\viiv. ~\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\viiv. ~\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\viiv. ~\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\viiv. ~\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\viiv. ~\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\viiv. ~\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Google Update] "C:\Users\viiv. ~\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\viiv. ~\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\viiv. ~\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D3D27E6-E20E-4C19-8787-25B7481003F0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.22 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 19:27:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.22 19:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.22 19:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.22 14:39:31 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\.thumbnails
[2012.07.22 13:53:15 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\.gimp-2.6
[2012.07.22 11:54:31 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{C4B5F12F-6447-4B12-9A7B-2B23F4111791}
[2012.07.22 11:54:20 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{35737A57-27B6-4D8B-8CBE-CF7502A52F9E}
[2012.07.22 01:15:27 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.22 01:15:27 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Roaming\Adobe Mini Bridge CS5.1
[2012.07.22 01:08:37 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\Documents\Adobe Scripts
[2012.07.22 01:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.07.22 01:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.07.22 01:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.07.22 01:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.07.21 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Roaming\Adobe
[2012.07.21 23:21:21 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.21 23:21:21 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.21 23:18:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2012.07.21 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\Documents\gegl-0.0
[2012.07.21 20:43:08 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{767460DE-AFB6-4425-913F-0F18D66473BD}
[2012.07.21 20:42:47 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{FCD45868-EE14-4C81-95A8-A4C0624A9C45}
[2012.07.21 18:58:40 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\Documents\The KMPlayer
[2012.07.21 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\Adobe
[2012.07.21 17:21:27 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\Fonts
[2012.07.21 17:20:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.07.21 17:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.07.21 08:42:20 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{6BA21C77-0315-4098-A899-47ACCF6B0390}
[2012.07.21 08:42:10 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{D763D3E4-9F3C-46AA-ACAD-268D66A16055}
[2012.07.20 22:56:55 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\Documents\queenyroden
[2012.07.20 13:48:57 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{82857EBC-2756-4C55-8D58-61FF510704ED}
[2012.07.20 13:48:35 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{6EAE1293-669A-4BAE-87AB-8DA8974ACFFA}
[2012.07.20 00:33:22 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{946C316B-8412-4126-A497-D31E211B2EB3}
[2012.07.19 12:32:46 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{9DE2BDA8-23EA-4C61-9266-B130527ECCB0}
[2012.07.19 12:32:25 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{3A58AB93-DF7A-450C-B9D5-B4960A3F036C}
[2012.07.19 00:31:59 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{240EA528-8171-48F3-87BD-1F35297A5B5A}
[2012.07.19 00:31:38 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{0845F710-462C-4976-9094-39998104338C}
[2012.07.18 12:31:07 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{90479F63-F4DA-4412-9DB4-18D0D68D7917}
[2012.07.18 12:30:51 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{B9559ABF-A527-4D6A-AD29-7202A0796832}
[2012.07.18 00:30:24 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{E9282261-53F9-4A8A-AD9C-F3D966A39557}
[2012.07.18 00:30:03 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{D5895A20-5B6F-4118-9D51-F3F1B22BB6D5}
[2012.07.17 17:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.17 17:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.17 12:29:50 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{699BF8B9-45F2-4DCE-9890-381C2C79187A}
[2012.07.17 12:29:29 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{E071BE03-857C-4D71-93C4-FD4CA2A72D83}
[2012.07.17 00:29:03 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{A510EEE6-1E25-4987-8C12-3CA51C9BFF40}
[2012.07.17 00:28:42 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{54921DE1-56D9-4FB3-9D5D-E70FDAFCC825}
[2012.07.16 12:28:28 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{CF0BC29B-2676-4E3E-BA89-16FA752FF851}
[2012.07.16 12:28:14 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{E516150E-C74C-43B5-BBB0-CBE83CCBCF60}
[2012.07.16 00:05:59 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{C26DEA55-E288-4F60-8A15-04A7FB7F9E2E}
[2012.07.15 17:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.07.15 12:05:36 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{7F201A25-FB03-406F-993B-8B71A1EB973B}
[2012.07.15 12:05:15 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{80567AA3-8264-425E-81B7-806CE3F30FD3}
[2012.07.14 14:22:38 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{03A5F296-88FA-416F-BBA4-EB19DEA30743}
[2012.07.14 14:22:17 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{B40C1D19-35CC-47D8-B566-3F27D0571164}
[2012.07.14 02:21:51 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{44223B02-2ACE-41A1-A971-FB6C1A336949}
[2012.07.14 02:21:29 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{C1E00467-3F58-4345-8548-3333D4154675}
[2012.07.13 14:21:16 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{1CF3CDFE-C127-45D3-BF09-D57BB92220E6}
[2012.07.13 14:20:54 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{ACC8E2D2-57A7-4128-B417-560B1DF61581}
[2012.07.12 20:10:14 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{79FEFCF5-9B4A-43F9-BB19-A84F2090F489}
[2012.07.12 20:09:55 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{12311551-3167-402F-AC2F-D1149A64FD41}
[2012.07.12 02:36:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 02:36:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 02:36:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 02:36:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 02:36:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 02:36:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 02:36:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 02:36:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 02:36:43 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 02:36:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 02:36:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 02:36:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 02:36:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 23:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.07.11 23:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.11 23:54:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.11 23:54:20 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.11 23:54:20 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.07.11 23:54:20 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.11 23:54:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.11 23:54:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.11 23:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.11 23:33:08 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{B92CA8F4-164A-4402-8E91-8F606C934616}
[2012.07.11 23:32:47 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{CF4E2EC6-8C0C-4E60-8603-EBB6BFCB74BC}
[2012.07.11 11:38:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 11:38:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 11:38:39 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 11:38:36 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 11:38:36 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 11:32:31 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{4ADFB404-0A45-4502-82F5-CD955CC23FD4}
[2012.07.11 11:32:10 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{FDA0B720-2844-4B98-8568-11227ED18263}
[2012.07.10 22:28:37 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{17436651-B86F-4483-B417-75F5D2C5FFAE}
[2012.07.10 22:28:15 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{BB6FCD61-64C3-4904-BF75-B5BFB7E86A61}
[2012.07.10 21:15:22 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\Documents\Meine empfangenen Dateien
[2012.07.10 10:27:50 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{C41D2CCD-1554-49BB-9598-F1E232EAE590}
[2012.07.10 10:27:28 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{42F5234B-77EE-4677-A319-03D9FA509C26}
[2012.07.10 02:27:11 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{2538B88B-FAB8-4B84-A641-59AC77A62690}
[2012.07.10 01:29:31 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{611D3748-AEA1-40C5-A923-A1E281ED01EB}
[2012.07.09 13:29:00 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{6DBB0D01-0E8E-4C54-B5FC-72920CE35B45}
[2012.07.09 13:28:49 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{CBEBC15E-B090-485E-9320-AC92CE59421A}
[2012.07.08 17:47:12 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{B133F237-BDE0-4E30-A5EB-CDDBAC62D25C}
[2012.07.08 17:46:50 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{6ACBEC9E-E07B-4C34-AB0D-1A893A64864B}
[2012.07.07 16:52:39 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{8612F16C-D59B-43E8-A2AF-625CCDA9D698}
[2012.07.07 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{0E0675B1-A16E-4758-9216-B3643B9B1D55}
[2012.07.07 01:40:29 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{2C488CE9-C8AE-4E2B-AE4A-D71205DF5BB6}
[2012.07.06 13:39:55 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{124A69A7-4552-4505-AEBD-EA07DAE82D17}
[2012.07.06 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{A63E9055-42ED-4634-8E6F-265EC1DE0B7F}
[2012.07.06 01:53:45 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.06 01:39:08 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{30474E1D-823B-414B-9C0D-F585BD5D8B47}
[2012.07.05 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{9C2318B6-5DC9-49B9-BA75-D757FBADD6C6}
[2012.07.05 13:38:07 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{07AD8527-A798-4C8B-BAEA-F315A4CC02EC}
[2012.07.05 01:14:22 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{DCE93B50-77F1-41DE-92FF-9C0F04FCB109}
[2012.07.05 01:14:00 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{C4EECB5F-0663-4DF9-A6B9-00B6E9B0A919}
[2012.07.04 13:13:34 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{E7B0B29B-285A-46F6-AB76-7088B548F2D5}
[2012.07.04 13:13:11 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{4685F1F8-45C7-4016-A653-0A7B918CCBBA}
[2012.07.03 16:36:52 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{50156043-8541-4E9B-BC98-7D2545954BAD}
[2012.07.03 16:36:41 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{DE639E80-7626-4A84-A906-94D512C96140}
[2012.07.02 12:12:04 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{E58DE949-2749-4432-A901-610F4DBA0585}
[2012.07.02 12:11:42 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{6578E305-168A-4620-A32D-2E8A0F4FA8B5}
[2012.07.02 00:11:17 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{AD58E87D-304D-4E7E-99AB-BC1F8AAD29FF}
[2012.07.02 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{FE9D2F4B-5CB2-4D66-87AD-65295744EC6F}
[2012.07.01 11:18:02 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{FFC38A6B-467F-428D-BE4E-3058D0048FD8}
[2012.07.01 11:17:40 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{848F9C9B-05EA-401B-AB7F-7BB681657673}
[2012.06.30 23:17:15 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{692AAD95-9C06-4264-B816-FE75585426C0}
[2012.06.30 23:16:54 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{42233E98-D0E9-4375-8275-44E404F34670}
[2012.06.30 21:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012.06.30 11:16:28 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{ADD2E1A1-C703-4CC2-9094-AA259023E4A3}
[2012.06.30 11:16:06 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{0D3B2B7B-591D-44B1-BA6C-7F5BF90ED22A}
[2012.06.29 21:32:05 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{BF7DAA42-EEDB-433A-B09E-84631486A5E0}
[2012.06.29 21:31:44 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{73AB1198-A8EE-4CB3-BFB9-33334AA92BCB}
[2012.06.29 09:31:18 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{0F19BDBD-A9ED-4A80-A1A2-4C59B39AA715}
[2012.06.29 09:30:56 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{377C8F58-F37D-428B-8EEA-2F5937257887}
[2012.06.28 13:54:47 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{E6D2E8D1-23AD-436E-8E57-9EDAC952C178}
[2012.06.28 13:54:34 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{66B964D1-21D9-4435-BF73-246E975FAD35}
[2012.06.27 22:26:37 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{80015CC7-C81E-4CCC-AEBD-CB72F5C43677}
[2012.06.27 22:26:15 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{30ABEDAC-0C0A-4793-BE97-AA74D15F5098}
[2012.06.27 10:25:50 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{B880A34A-2A00-4216-A97F-039F1F6AEBF9}
[2012.06.27 10:25:28 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{E0F5210F-CD66-4C94-AB11-FB0FB08A19C0}
[2012.06.26 16:16:40 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{CF682EE1-61CC-4413-970E-88D593B9AE3F}
[2012.06.26 16:16:15 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{9FFDEDA1-C629-48FC-910D-30A13CEED0B3}
[2012.06.25 13:18:08 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{B2C1D337-FCB2-4252-9CF0-BCF14B24669A}
[2012.06.25 13:17:58 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{73888F95-8E9A-40A3-9CCD-D07A5E077DE2}
[2012.06.24 14:03:23 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{82A23C8C-1610-4C01-9834-49633F82ED86}
[2012.06.24 14:03:02 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{0CFCA70B-91F9-49F0-AD57-01332075DF2F}
[2012.06.24 02:02:36 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{BCF86CA0-E763-4DB3-AF60-7A9A7B7A75EE}
[2012.06.24 02:02:15 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{5E508C64-CAB9-4AD5-8E8F-9182FF0C212D}
[2012.06.23 14:01:37 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{A81C660F-1F15-4F19-82A5-7B3ACE6E559E}
[2012.06.23 14:01:27 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{0767AA4B-9799-444A-BFDE-D3AA8C1909C0}
[2012.06.22 23:24:25 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{856BF210-DAF1-422B-B354-124C58B02775}
[2012.06.22 23:24:14 | 000,000,000 | ---D | C] -- C:\Users\viiv. ~\AppData\Local\{AE2EB2B1-3D89-455C-9F07-47DC04606996}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.22 19:44:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 19:44:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 19:37:37 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.07.22 19:37:21 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Gycywfhx.job
[2012.07.22 19:37:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 19:37:11 | 3150,995,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.22 19:35:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3347743913-1427352598-1234706148-1001UA.job
[2012.07.22 19:27:29 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 19:18:00 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.22 18:57:56 | 004,901,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.22 17:45:16 | 000,001,456 | ---- | M] () -- C:\Users\viiv. ~\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.07.22 17:07:00 | 000,204,718 | ---- | M] () -- C:\Users\viiv. ~\.recently-used.xbel
[2012.07.22 14:03:37 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 14:03:37 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 14:03:37 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 14:03:37 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 14:03:37 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 11:53:32 | 000,002,406 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.07.22 11:53:03 | 000,001,521 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.07.22 01:42:09 | 000,000,132 | ---- | M] () -- C:\Users\viiv. ~\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.07.21 23:21:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.21 23:21:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.17 17:05:15 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.15 17:08:36 | 000,001,041 | ---- | M] () -- C:\Users\viiv. ~\Desktop\KMPlayer.lnk
[2012.07.14 05:35:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3347743913-1427352598-1234706148-1001Core.job
[2012.07.12 20:32:41 | 000,002,414 | ---- | M] () -- C:\Users\viiv. ~\Desktop\Google Chrome.lnk
[2012.07.11 23:54:05 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.11 23:54:05 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 21:35:19 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.06.30 17:47:36 | 000,128,177 | ---- | M] () -- C:\Users\viiv. ~\AppData\Local\recently-used.xbel
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.22 19:27:29 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 19:18:00 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.07.22 19:17:59 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.22 17:07:00 | 000,204,718 | ---- | C] () -- C:\Users\viiv. ~\.recently-used.xbel
[2012.07.22 01:43:14 | 000,001,456 | ---- | C] () -- C:\Users\viiv. ~\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.07.22 01:42:09 | 000,000,132 | ---- | C] () -- C:\Users\viiv. ~\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.07.22 01:06:42 | 000,001,095 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012.07.22 01:06:06 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2012.07.22 01:04:29 | 000,001,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012.07.22 01:04:10 | 000,001,284 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012.07.22 01:03:03 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012.07.22 01:02:58 | 000,001,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012.07.22 01:02:26 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.06.30 21:35:19 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.06.30 17:47:36 | 000,128,177 | ---- | C] () -- C:\Users\viiv. ~\AppData\Local\recently-used.xbel
[2012.05.09 18:15:22 | 000,135,168 | RHS- | C] () -- C:\Windows\SysWow64\cscriptp.dll
[2012.01.19 20:30:01 | 000,000,132 | ---- | C] () -- C:\Users\viiv. ~\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.12 21:17:32 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.07 08:12:52 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.07 08:12:49 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.07 08:12:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.07 08:10:35 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >
         
Code:
OTL Extras logfile created on: 22.07.2012 19:41:56 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\viiv. ~\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 48,71% Memory free
7,82 Gb Paging File | 5,63 Gb Available in Paging File | 71,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 141,51 Gb Free Space | 59,34% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 119,33 Gb Free Space | 35,87% Space Free | Partition Type: NTFS
 
Computer Name: VIIV-PC | User Name: viiv. ~ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB1AB40-ABD1-4CA5-8951-79D8990E4AF3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0C36E0C3-7ECD-49B7-BF92-38419C6E15C0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0E10F857-61FE-4689-80C1-576ACFEFE11C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0EAF2EDB-CB8A-452A-8A78-9F252DA82598}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{16679470-07D7-4ED4-B908-DA9FA9369DE1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1778E635-3B73-40C1-822F-C55D4917AF6E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1BA3045A-F3DF-46A8-A18F-1AF127B14C3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{218E292D-BFA9-4CE5-A68A-E4F2C2F9E0EF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2C03B014-9AB0-415B-8E38-A0ED40189BA7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{417FE207-8BF9-4B5A-A9E3-8CBCFC78E2C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{459B0DF5-1B1E-44C3-9C3F-51EB27702995}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{469CDC81-59A5-424A-91F4-0C4F8F439F5D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4AD2C1E0-FB3D-405E-AA1C-0C124799C98A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{5CC9518E-E6B8-4221-ABD6-E0AADC1EA5CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{603A1AB6-ACA3-47C0-B94D-C2C45BD90DE8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6BAE2BDC-F364-480F-BF6F-06FB1C2891D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{749256FD-3528-413A-BC31-321CE4D0522E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{81F628F1-0956-487A-96CA-2A8BEDE9F09F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8F9BC0A9-D7EB-44FF-B490-832E98F43A0A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9F0A0199-C032-40E9-A9CC-A8FDEC48816C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A1B07C6E-6649-4914-A9D6-62F84A129CCD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{C4C887A0-169D-4C39-8C76-EDDB9B53DD2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CCA07209-DA37-4791-AE90-DE696BB70336}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D774CF43-2631-4522-917B-82889282A1E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E152F9C3-B3DF-41EB-963C-A79F1A5A7E6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E645FCA4-2988-4ECB-9D51-EDA140BF95C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E7E5F7EA-1158-43B0-8D94-5D69B0F358BB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F60CA8D6-67C4-4F4F-A987-174C21E15109}" = lport=23687 | protocol=6 | dir=in | name=windows core service | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C40E2C-5A31-487A-97E9-90743027C6A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0A57C191-DF73-4561-99AB-72E59FB0FDAA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{0B37E723-8212-498C-AD84-BDB11E84F0D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1F5D3833-529A-46D0-AF75-AE4CFA825D72}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{26DE738D-3527-4707-926D-94B87311F82B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3264F322-DEFE-43D5-98F7-82DD906E0457}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3265E279-53A8-4A91-863D-2D8982E81E0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A495358-B3C2-4367-9756-35323296471D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{3A603710-8879-434E-8405-5322D64D139B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{3EE38B4C-9460-4E2F-A55B-67AA3B783163}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{43BA09BE-E365-4DB0-AD35-047A683A7D88}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | 
"{470F6FB5-7CBE-4EB6-BAD0-B5214334D5D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4C817A3A-2B03-4FF2-AA3F-D0DD51F5E139}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EF2EC07-CC8A-47CB-95BF-897DEBCE2146}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{544170D0-7643-49FF-BF8D-732B0165D8C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5AF0B782-8809-4549-976C-136A96B10D3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F76392E-E46B-4F94-84B8-B9D90A38A389}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{63C23D88-9C26-4CA1-88FD-3F866588A9C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6992923D-0193-4320-B392-0AB6A3804A8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6D708476-AFD4-4C95-B5F0-BE359477785C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{6E63222E-2883-4F2F-AC31-7ED360F99CFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6E7B4AB1-4BA0-4211-B3C1-288A21F0824B}" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"{7B3D0650-C273-4232-BA27-DFF3FAD4D47D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{83852E68-E6B6-46A9-BC10-A4DDDF1E96C8}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | 
"{908ACBF8-B84B-42BA-855F-7CA61D078D05}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{98C61BE8-5D2E-4403-9E7F-D3CAF625236D}" = protocol=6 | dir=out | app=system | 
"{9E54C368-F396-4B73-B2AA-05B48B6CAD44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A2DECD41-9274-4597-A2D0-1E6E5F9BCA3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B64AE3E2-A9FF-4715-8AE5-EC9A7BEA0527}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{BB0992E5-A44D-4147-B906-B23BCB7033BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CCFE2C47-DBD7-4194-8B17-41B486602279}" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"{D138053C-3A4A-47C7-B809-C34C34DBC211}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F1A7FEE3-50EB-4427-B35A-1D217783F9C7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{F42CA3ED-D5E3-4E07-83C9-AB8A5ACF402C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{F7D9226F-7E81-4DBD-9724-F5B8E88281BD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FB2A5E09-3A72-4B84-9C98-00B8603BF8A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB4AB022-C94A-4207-A955-485EB179ACCA}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | 
"{FF701E86-12CC-44C9-B8DB-B95036263F3F}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe | 
"TCP Query User{F4E7E05C-786B-4516-B3DD-46D227B056CE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{A71452F1-750D-49D6-81D7-E74686255A00}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.56
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.56
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP495 series Benutzerregistrierung" = Canon MP495 series Benutzerregistrierung
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.00.1467" = Opera 12.00
"Origin" = Origin
"PhotoScape" = PhotoScape
"ProInst" = Intel PROSet Wireless
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.05.2012 07:46:27 | Computer Name = viiv-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 12.05.2012 07:46:27 | Computer Name = viiv-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 12.05.2012 07:46:27 | Computer Name = viiv-PC | Source = Bonjour Service | ID = 100
Description = 
 
Error - 15.05.2012 13:24:09 | Computer Name = viiv-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows Live Messenger" konnte nicht
 heruntergefahren werden.
 
Error - 20.05.2012 09:51:34 | Computer Name = viiv-PC | Source = Application Hang | ID = 1002
Description = Programm FreeYouTubeToMP3Converter.exe, Version 3.11.19.412 kann nicht
 mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: d44    Startzeit: 01cd368de92f5b86    Endzeit: 11    Anwendungspfad: 
C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

Berichts-ID:
   
 
Error - 20.05.2012 19:38:40 | Computer Name = viiv-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PhotoScape.exe, Version: 1.0.0.1297,
 Zeitstempel: 0x4f4c6f44  Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17755,
 Zeitstempel: 0x4f0412de  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a1662  ID des fehlerhaften
 Prozesses: 0x1960  Startzeit der fehlerhaften Anwendung: 0x01cd36e1891a8ad6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\PhotoScape\PhotoScape.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\syswow64\SHELL32.dll  Berichtskennung: ed233239-a2d4-11e1-b387-5404a63bb93d
 
Error - 20.05.2012 19:38:58 | Computer Name = viiv-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PhotoScape.exe, Version: 1.0.0.1297,
 Zeitstempel: 0x4f4c6f44  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc015000f  Fehleroffset: 0x000847db  ID des fehlerhaften
 Prozesses: 0x1960  Startzeit der fehlerhaften Anwendung: 0x01cd36e1891a8ad6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\PhotoScape\PhotoScape.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: f8300844-a2d4-11e1-b387-5404a63bb93d
 
Error - 31.05.2012 13:48:35 | Computer Name = viiv-PC | Source = Application Hang | ID = 1002
Description = Programm FreeYouTubeToMP3Converter.exe, Version 3.11.19.412 kann nicht
 mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: c64    Startzeit: 01cd3f52d1cf8d2e    Endzeit: 100    Anwendungspfad:
 C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

Berichts-ID:
   
 
Error - 15.06.2012 16:07:23 | Computer Name = viiv-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4a9  ID des fehlerhaften Prozesses: 0x151c  Startzeit der fehlerhaften Anwendung:
 0x01cd4b24a2018d47  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 b7cf1a0a-b725-11e1-b846-5404a63bb93d
 
Error - 17.06.2012 17:26:04 | Computer Name = viiv-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0x1050  Startzeit der fehlerhaften Anwendung:
 0x01cd4caf5a3addde  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 0ae2957e-b8c3-11e1-bf17-5404a63bb93d
 
[ System Events ]
Error - 21.04.2012 07:03:22 | Computer Name = viiv-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 21.04.2012 07:03:22 | Computer Name = viiv-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "netprofm" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.04.2012 07:03:22 | Computer Name = viiv-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Netzwerklistendienst" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1069
 
Error - 21.04.2012 07:03:22 | Computer Name = viiv-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 21.04.2012 07:03:22 | Computer Name = viiv-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 04.05.2012 13:11:50 | Computer Name = viiv-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 07.05.2012 08:12:12 | Computer Name = viiv-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.05.2012 09:31:56 | Computer Name = viiv-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.05.2012 09:36:16 | Computer Name = viiv-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 15.05.2012 07:32:07 | Computer Name = viiv-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
I don't really have a clue about any of this and therefore urgently need help..

22.07.2012, 22:18   #2
Chris4You

Hi,

OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
[2012.05.09 18:15:22 | 000,135,168 | RHS- | C] () -- C:\Windows\SysWow64\cscriptp.dll
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:REG
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01

:Commands
[purity]
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Then update MAM and run a FULLSCAN!

chris

23.07.2012, 01:34   #3
aloiv

Thanks for your answer, but is it normal that the program freezes and shows "Keine Rückmeldung" (Not responding)?
I don't think so, right?

23.07.2012, 09:02   #4
Chris4You

Hi,

try again in safe mode (F8 while booting)...
Then post the log, or reboot the computer yourself...

chris

23.07.2012, 18:07   #5
aloiv

Hm, tried that as well; it writes:
"Processing Registry data 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]..."
and then does absolutely nothing more..


24.07.2012, 07:47   #6
Chris4You

Hi,

OK, it should have run through up to that point; please update MAM, run a full scan, and create and post a new OTL log.

The Security Center is probably still disabled... (it should be enabled by the instruction it gets stuck on)...

chris