
Pests of all kinds and how to fight them: Ukash Bundespolizei infection - logs attached

23.11.2012, 12:26   #1
zellerli
 
Ukash Bundespolizei infection - logs attached



Hello,

since yesterday I have had the trojan in question (computer locked, pay €100).
My research so far has shown that I apparently need to post OTL logs and then wait for instructions. Thanks in advance for any help!

I created the following logs with OTL in safe mode.
I use Windows 7, Antivir and the latest Firefox.

edit: I like learning new things and am trying to understand, at least roughly, what is going on here and how the fix works.
In the log, this in particular caught my eye (newest files):
Quote:
[2012.11.22 18:38:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.22 18:38:21 | 000,161,280 | ---- | C] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe
which, time-wise, also matches the infection exactly (after which I switched the computer off).

edit2: Some of the file movements (Desktop) come from my wanting to tidy up for the log (I thought the desktop files would be listed separately). I also only had 2 GB of memory installed for the log, because I am using the downtime to track down a faulty RAM module.

OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 23.11.2012 11:14:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zellerli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,52% Memory free
3,99 Gb Paging File | 2,95 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,54 Gb Total Space | 137,43 Gb Free Space | 14,91% Space Free | Partition Type: NTFS
Drive G: | 1,81 Gb Total Space | 1,60 Gb Free Space | 88,55% Space Free | Partition Type: FAT
 
Computer Name: LAEMMERSPIEL | User Name: Zellerli | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zellerli\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (MySQL) -- C:\xamppDaten\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xamppDaten\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BA 81 8B 16 AC 86 CD 01  [binary data]
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\SearchScopes\{606ADCDA-32A4-4BC9-AB42-CEA943C2C9F0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3993BC9E-58B3-43CA-8C8E-ED25C2215BBF&apn_sauid=9BF59E63-0C7C-41C0-8F22-F2870D58D302
IE - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.19 10:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.27 17:46:48 | 000,000,000 | ---D | M]
 
[2012.11.19 10:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zellerli\AppData\Roaming\mozilla\Extensions
[2012.11.19 10:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1227684924-1299058479-1627879679-1000..\Run: [Spotify Web Helper] C:\Users\Zellerli\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E51035B1-B4D9-4B2B-A388-C30EB39FD8AC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell - "" = AutoRun
O33 - MountPoints2\{7295fb20-072b-11e2-873a-6cf0490d7c79}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.23 11:12:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.22 18:38:22 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.22 18:38:21 | 000,161,280 | ---- | C] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe
[2012.11.19 10:46:44 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Mozilla
[2012.11.16 03:38:05 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.16 03:38:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.16 03:33:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.16 03:30:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.16 03:30:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 03:30:48 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.16 03:30:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.16 03:30:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 03:30:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.16 03:30:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.16 03:30:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 03:30:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 03:30:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.16 03:30:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 03:30:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.16 03:30:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.16 03:30:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 03:30:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.16 03:27:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.16 03:27:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.16 03:27:14 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.16 03:27:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.15 09:19:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.15 09:19:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.15 09:19:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012.11.15 09:19:42 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012.11.15 09:19:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012.11.15 09:19:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012.11.15 09:19:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012.11.15 09:19:42 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012.11.15 09:19:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012.11.15 09:19:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012.11.15 09:19:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012.11.15 09:19:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012.11.15 09:19:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012.11.15 09:19:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012.11.15 09:19:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.15 09:19:39 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.15 09:19:39 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.15 09:19:39 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.15 09:19:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.15 09:19:24 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.15 09:19:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.10.27 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\xm1
[2012.10.27 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\OriginLab
[2012.10.27 19:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin86Sr0SetupFiles
[2012.10.27 19:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.10.27 19:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texmaker
[2012.10.27 17:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.06.04 10:31:59 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Zellerli\InstallWoW.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.23 11:09:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.23 11:09:45 | 1607,065,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.23 10:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zellerli\Desktop\OTL.exe
[2012.11.22 18:50:45 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 18:50:44 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 18:50:34 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.22 18:48:33 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 18:38:24 | 000,000,788 | ---- | M] () -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.22 18:38:22 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.22 18:38:21 | 000,161,280 | ---- | M] (Un4seen Developments) -- C:\Users\Zellerli\wgsdgsdgdsgsd.exe
[2012.11.22 18:18:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.20 02:39:46 | 001,796,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 02:39:46 | 000,770,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.20 02:39:46 | 000,712,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 02:39:46 | 000,173,294 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.20 02:39:46 | 000,141,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.19 10:46:41 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | M] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 10:04:23 | 000,605,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.27 19:04:25 | 000,000,999 | ---- | M] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[2012.10.25 17:28:30 | 001,255,701 | ---- | M] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_30.941725.dmp
[2012.10.25 17:28:07 | 001,257,933 | ---- | M] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_06.925434.dmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Zellerli\AppData\Local\*.tmp files -> C:\Users\Zellerli\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.22 18:38:24 | 000,000,788 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.22 18:38:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.19 10:46:41 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.19 10:46:41 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.16 17:45:29 | 000,080,936 | ---- | C] () -- C:\Users\Zellerli\Documents\2012-03_Beschluss_sicherer_Berufseinstieg_zur_Veroeffentlichung-1.pdf
[2012.11.16 03:38:09 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 03:27:14 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.27 19:04:25 | 000,000,999 | ---- | C] () -- C:\Users\Zellerli\Desktop\Texmaker.lnk
[2012.10.25 17:28:30 | 001,255,701 | ---- | C] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_30.941725.dmp
[2012.10.25 17:28:06 | 001,257,933 | ---- | C] () -- C:\Users\Zellerli\Documents\ts3_clientui-win64-1351090895-2012-10-25 18_28_06.925434.dmp
[2012.07.05 06:41:33 | 000,314,880 | ---- | C] () -- C:\Users\Zellerli\AppData\Local\vltdi.exe
[2012.05.12 16:30:50 | 000,001,984 | ---- | C] () -- C:\Users\Zellerli\.recently-used.xbel
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.03 16:03:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.03.07 23:51:00 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16_zurCore.rar
[2011.03.07 23:50:41 | 000,176,962 | ---- | C] () -- C:\Users\Zellerli\Ravenshield_core_160.rar
[2011.03.07 23:49:57 | 000,042,615 | ---- | C] () -- C:\Users\Zellerli\dox-rs16.rar
[2011.03.07 23:45:24 | 000,640,707 | ---- | C] () -- C:\Users\Zellerli\jmt-MiniRS3.rar
[2011.03.07 23:44:16 | 000,454,809 | ---- | C] () -- C:\Users\Zellerli\RS-mi_SuperK.rar
[2010.12.06 00:22:02 | 000,007,608 | ---- | C] () -- C:\Users\Zellerli\AppData\Local\Resmon.ResmonCfg
[2010.10.18 14:15:29 | 000,000,035 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\Opusbext.dat
[2010.10.06 23:52:54 | 003,121,971 | ---- | C] () -- C:\Users\Zellerli\17_gesamt_003_087_klein.pdf
[2010.07.24 16:14:08 | 000,001,155 | ---- | C] () -- C:\Users\Zellerli\AppData\Roaming\SAS7_000.DAT
[2010.05.13 18:28:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.26 21:41:51 | 001,024,270 | ---- | C] () -- C:\Users\Zellerli\strahlungsfelder_11.pdf
[2010.04.19 19:18:55 | 002,699,555 | ---- | C] () -- C:\Users\Zellerli\theo-vorbereitung.zip
[2010.04.15 23:12:24 | 203,279,596 | ---- | C] () -- C:\Users\Zellerli\Queen.rar
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.03.11 21:42:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\.minecraft
[2011.04.25 20:27:51 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ahnenblatt
[2012.10.20 00:52:56 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Audacity
[2012.07.21 12:58:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\calibre
[2010.11.06 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DAEMON Tools Lite
[2010.05.19 19:56:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\DeepBurner
[2012.10.24 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Dropbox
[2011.04.28 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\FileZilla
[2011.01.14 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Foxit Software
[2012.05.12 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\gtk-2.0
[2012.02.27 00:05:27 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\inkscape
[2012.03.21 20:25:57 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Itwye
[2011.03.22 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\JonDo
[2011.05.21 23:08:48 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Leadertech
[2010.09.01 21:23:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient
[2012.06.17 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\LolClient2
[2011.08.17 23:27:22 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Mael
[2010.10.02 16:08:59 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Miranda
[2011.11.12 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Red Alert 3
[2011.12.10 11:43:43 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\SmartTools
[2012.09.15 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Spotify
[2012.11.22 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StarOffice8
[2011.03.07 23:39:00 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\StatSoft
[2010.12.22 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Stellarium
[2011.07.26 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Texas Instruments
[2011.07.26 11:32:49 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\TI-Nspire
[2012.01.23 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\Ubisoft
[2011.09.29 16:59:30 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\uTorrent
[2011.08.29 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\wargaming.net
[2012.10.27 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\Zellerli\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD

< End of report >
         
Extras.txt:

OTL Logfile:
Code:
OTL Extras logfile created on: 23.11.2012 11:14:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zellerli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,52% Memory free
3,99 Gb Paging File | 2,95 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,54 Gb Total Space | 137,43 Gb Free Space | 14,91% Space Free | Partition Type: NTFS
Drive G: | 1,81 Gb Total Space | 1,60 Gb Free Space | 88,55% Space Free | Partition Type: FAT
 
Computer Name: LAEMMERSPIEL | User Name: Zellerli | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003E65B1-061F-4F8B-86F0-A78F2EF4417D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{04BDAF95-5D7F-401E-A259-F0216E303044}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0592E869-A5DC-4B52-9C48-123D9F93B881}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0ACFFB57-3CC4-4B27-9BAC-2429C8026F4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C8956ED-E466-4E8F-BA92-9425FDE23F94}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{11C451E4-EACC-463C-B815-C0C5B79A21FD}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{1CC5D8BC-5004-453E-B717-BE919613077A}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{1FE6C0B7-A038-459B-8297-542BD96E87FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{217722DE-AA15-4622-BCDD-F513027389E1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2A862473-278D-4572-B321-94BDE60374BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{36A802B4-1C8A-4A02-8383-6E91B921372D}" = lport=6892 | protocol=17 | dir=in | name=league of legends launcher | 
"{3D0B3A79-5A0F-460F-9883-EB591D440287}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{411DBB40-A24C-47B3-BC50-01FB07D21FD1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{45230AD7-3DF3-4376-84AB-47A40350FA94}" = lport=80 | protocol=6 | dir=in | name=xampp | 
"{4523A691-9AF0-4851-9D11-05234EF0C7DA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{490237B0-8DA6-419F-92D1-52ECEE319F89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4C4ED62D-8FB7-4149-B420-480616C5B311}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4EF58C36-2A23-448C-BCB7-6EF99A1C8DDB}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | 
"{53B095EE-722D-46B0-969D-768E3F51570E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{57490034-9B79-4E91-95E3-E8BBAF7CB6A2}" = lport=58947 | protocol=17 | dir=in | name=pando media booster | 
"{5D36A21C-96AD-42F0-A75C-9EA93EF5F98E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6400F3D4-8ABC-4701-91F1-1ECE5417E186}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A37EBBF-8909-4B71-854C-169A71978A93}" = lport=6888 | protocol=17 | dir=in | name=league of legends launcher | 
"{6A58694C-FD00-49BD-BD20-6F2C85F70A19}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{6C48FE14-0CB6-406D-A5A7-F758B440EAEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C5FBED3-5C65-4DE5-930F-A7F1C27A009D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{7E9E5C77-86F6-4EC7-98AB-DDE1C4D6F255}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7F8AF62C-A829-4871-A0AE-C49A12CAEF96}" = lport=137 | protocol=17 | dir=in | app=system | 
"{802CA42E-35F7-467B-9B01-05003F326517}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{80EB48F8-13E2-429C-8FDD-6918AA17B052}" = lport=58947 | protocol=6 | dir=in | name=pando media booster | 
"{843FD27E-DA00-48FD-B70B-D7C5E4CBE647}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{85919E83-2DB1-43B1-8395-62A9403ABCA4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{8688E206-2905-4E67-B2FB-A7AEA3E95F03}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{8D4DE0C9-DAF6-41A4-A11D-7785B41366B5}" = rport=80 | protocol=6 | dir=out | name=xampp | 
"{92A142B6-2657-4BD5-B686-CA8558EC2669}" = lport=139 | protocol=6 | dir=in | app=system | 
"{954D849B-68F9-4C85-B172-48CD12700EF5}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{9F15033C-9D53-41E9-BA5F-E88693C8558A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F3D8019-D14B-42C8-B939-EFE738A8693D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9F84E880-3D01-4A1C-B0D3-46A612BD5156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB8258F1-36B2-4224-8E0B-45485E1575E7}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{AFE48AC7-8B97-4A9D-9BA6-55F63830C901}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B828B1CC-719C-4E44-A994-5756971562C2}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{BAA1393B-3E48-4983-9947-E8043DDA3E50}" = lport=58947 | protocol=6 | dir=in | name=pando media booster | 
"{BB48567F-14DA-4C8B-9609-5805394EA57E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BCC0EDBC-32CB-4227-B05C-A883F7323D6A}" = lport=6888 | protocol=6 | dir=in | name=league of legends launcher | 
"{BD45B64D-8152-4F12-ACD9-6B026DDDF8AA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BDA9CAD8-A935-4EC5-9D66-21296EAC282E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0B5BCC8-F755-428B-8461-36AEC66FFB47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C21D46AB-8466-4DA1-9F3C-AA7E72A35765}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C7140B34-9AD6-4748-AA6A-A5AB7989F1CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAF864E8-1323-4359-99DB-C26128D191EE}" = lport=6892 | protocol=6 | dir=in | name=league of legends launcher | 
"{CE2B9EB2-54BB-476E-AF97-0551DB46E9F0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF12D3BC-C65E-408F-8676-72F66F1B4675}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CF928608-7689-4DF3-B1A1-69A2DC2B0AF7}" = lport=58947 | protocol=17 | dir=in | name=pando media booster | 
"{D50F8D27-4721-4BC6-9D7C-6F3B7BB6486B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{DC72D35E-95A6-4B54-9532-1781015A6E51}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{DD198D1B-6402-44AD-9F71-267CB5B74DB5}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{E1322A1B-2843-44C9-9DEA-DE8C9C7B3B03}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{E15D4C25-DA62-48CF-BA82-7CE0B4C2CB73}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | 
"{E44EE432-38FC-4BF7-9932-6A58184E4DAE}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{EABFE8E1-A134-4AE5-A5F4-DD767E496712}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{EC910B25-ADCD-4184-94EB-E98B3FE12FD6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EED24FB2-3F2C-46BA-A8E4-BD5C752D964F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F2F97DAB-6EB4-475E-92BB-2D6601FD1073}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{F8732271-81F4-4AD1-A018-2D86F3DEF761}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F9105229-FC02-4C43-ADD5-16DBF43122BF}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{FA592191-9BAA-4A6D-9252-D14806D2E475}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FF9447FB-2099-4503-8F9A-3C401EBDDD44}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E24798-9132-4A41-A6B8-E871EF7C02E6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{08EB96EC-3084-456C-8B2E-0D625754D640}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{0EAFA2E5-8BDE-46E2-B338-5FCE96F4108B}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{10412528-E2A0-45E8-B438-078C1B003485}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{19439B30-E761-450C-9026-A9682B789209}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A562E02-40D4-463C-BE3C-9768E03787DC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{1AC66571-1A65-467C-B283-348562765CFD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\anno4.exe | 
"{1CCE85DE-6AFB-430C-9ED4-68852776D54E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{22301842-1B9D-4EAE-B001-ED64E22D3394}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{235FE788-10A4-4094-922B-75B95F111013}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{2571AFDD-F545-4992-8BB5-3081339B7887}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{25E317A1-AD9F-4F52-AC8B-F66C7E2B1C36}" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\dropbox\bin\dropbox.exe | 
"{29ADB9A2-BB69-4CE7-88C1-97FC54DE80EA}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{310F7292-3673-4513-A65B-0C9635FBC39D}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{341B7905-1465-461F-83AB-54D80BD78623}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{34CAD4B2-1D1F-4D1B-822E-EE8F453D5DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{36466367-7C7F-4FA1-887B-245FED326CA2}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{37AD5E77-A17E-4F54-B71E-6AD90741606D}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{37C0EEE3-0619-4ADE-B26D-DE62E251CDE1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | 
"{38164E45-3C1E-4EE8-854A-50B527CD1803}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{39ED505F-5B89-4B4F-96E1-3209511DC0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{3C8CCF41-6708-4DB8-B70F-38ECF8BCAA9B}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{3F016C5F-54C2-4E10-9A51-EE49B7F91520}" = protocol=17 | dir=in | app=c:\program files (x86)\ut2k4\system\ut2004.exe | 
"{3FA6FB51-9681-45D8-9AC8-8D33445331D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe | 
"{442A0033-2094-4108-9391-205DEE8E1D90}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{444C1016-AFFB-48B3-A7E1-E09DEB69EBDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{44FFC111-10DF-4940-A6E7-4661F0B12260}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{463E015E-56F1-4AA6-963F-D23FC764B6C5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{51D53117-4F64-4816-AA91-7A826DB96FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2.exe | 
"{5797B216-D8EB-4810-B5F3-AE754BD5C32F}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{58A66449-1BFB-4987-9DAC-45B4A8AE425A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5A754C9F-39D4-4BAD-84C0-7E49E068E51B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5C00FDFC-9C2F-4517-8E40-67BE89D633BC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5DCC306C-35FF-4DCA-938D-F9810DA8411C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6E300200-7F30-452F-8044-818BF280326C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{749FB92B-5BF0-4201-AA22-7F20BBB5061D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{74F120E7-B5EC-41A4-A845-313764ED4688}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7B604866-1E22-42A1-8F3C-2B4DC18E96D9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{81586FD4-4A91-4D7A-BEDD-B5B14012CDFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8186C802-8479-4C2A-985D-18EA807ACBF5}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{852D04A9-8FBE-46C6-9313-D0DDA3399256}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\anno4web.exe | 
"{89771538-1550-4543-84A1-1FCDC394DD07}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{8F1932DA-8A8A-4807-8A58-1D9C2EEFA619}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{93D46D9B-4567-45F0-AC87-11284628E19B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{978C20AB-4ED3-4755-AD72-E9ECB4DD74C8}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{9A02C3DA-0FD9-44AA-9F9D-19DEDE5F597D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe | 
"{9ADBE6DF-716A-4B57-AC90-16A4C905DD7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{9D24E21A-13D0-4FC0-9913-A33734F8AEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe | 
"{A1707C1E-B9DC-4797-91E1-59AB9881A3EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A22414D0-D5AC-498E-8263-22971783F950}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A33B86CD-9F41-4484-9E44-E5A7AD2EF3FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2.exe | 
"{A3F1F49B-515E-4D69-89D2-C2519E613B67}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{A51100CC-4222-4DC2-947B-901CD0829FE5}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{A57E067D-EB68-4B51-AC02-AD38F7984781}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A78EBD96-12EE-4DA5-8030-CC263FBC6433}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe | 
"{B20A3F60-11F1-4000-8F73-D3341D069870}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2CD6F03-2266-4D34-8B0F-7BA9BF43CD11}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B335765D-FF7B-426D-B044-4BD03B0DF83D}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{B3C71977-66AC-42B4-9ED0-76FAC173BE8E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B69AE2FB-99F9-44FC-9207-E8CBABB40BC4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\anno4.exe | 
"{B6FC33E1-452F-4D10-A5F0-A7AF8B5C4A2D}" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B834CFAB-38EE-410A-9A2C-8A0A7EEE26DB}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{B8AD7CA6-DB22-4512-A47C-DF630152AFE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B8E97628-A3AC-4607-9A94-806ABE2429C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BFDF1575-6070-4B3C-A9B7-70BE9A6E00B4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C3CDED26-D471-4809-8FA1-202F09DFA792}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C44FEA29-80DC-47E4-BC0F-B4FC32309D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\ut2k4\system\ut2004.exe | 
"{C5E6ADC8-65C1-4297-8CE7-23D22A697E0B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C62FA975-A663-43AD-8277-7D088A3A68EF}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{C6BB950E-85B9-460C-983D-8F4F010F2C0A}" = protocol=6 | dir=out | app=system | 
"{C7D670E1-3ED8-443C-8949-1AB6C68C36C1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{C8736291-530B-4E43-8320-63E384C4EB1B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\benchmark.exe | 
"{CB9F7A13-99B6-48B2-B320-1FA022CCFBAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CBE406AA-E81D-41C4-896E-240EE6E2DC59}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CC2F1063-94E0-47CC-A108-63A9C22F5443}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCAB01D5-41D4-4469-BDF7-37C64A0E48CD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CD9E0643-94BB-437B-B989-A7A3D07EF4F9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\benchmark.exe | 
"{CE438225-9DE2-471C-8CA1-7DBCC08A7334}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{CF43A1D5-9664-4115-B384-807FE2BC5139}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D0B6DF0D-8B0F-421B-910D-64BC7B184011}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\anno4web.exe | 
"{D1CC8C48-78D8-406A-BD7E-13EF3C65FCAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D21109DB-7463-4DBD-8F8B-6A29F08FD77E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D324626A-1ED4-4504-A8E7-C95F7D42C313}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{D348747C-A9F9-499E-950B-26F6C089AE06}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D369BB07-249A-4A38-9865-36ECBE2F901C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D71D55E3-4AD0-4925-93BA-9826342BA18A}" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | 
"{D9E88595-ACE4-4612-9C59-F4B4E0D1F92E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{DA0E8E94-D66C-405F-B67A-F75B8B67D5F5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DC528CC0-5008-44D6-838F-813E43D01A35}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{E03B4E17-F826-40CB-8FDC-B05A4FA766F5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E344AC1A-4D04-4C69-8F03-BB2261913579}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E71D5DD9-8310-4C10-921F-7A23D743E73F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EAA2890B-9E21-4E0C-A2C1-8BC2989C67FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | 
"{EB15CDDC-9DE6-4EA4-B68C-8ACF3B1C2D75}" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | 
"{F02851F0-F3C5-45E4-A36D-9EDECB0F5419}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{F0861924-4AC0-480C-8683-288448B97F33}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F417E334-563A-4101-9749-717BFE8B7465}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{F4C6210F-10FC-4A4E-B964-CAC1FC9E01E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{F599DA2D-E505-43BF-9AA2-F2C90FA37967}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F7C41998-4ED6-4758-BB86-D824E412AF3B}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{FABFD627-2EAD-4EE4-A672-F05780C2CE76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{FB853588-B840-49E6-B7F8-5A981928D562}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{FE19D4D1-83B2-468D-B74B-7137C4D023B0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF2E998F-82F5-44BE-9600-0801AC6EC263}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{03341652-A564-46B8-BE55-C17D927D8C49}C:\xamppdaten\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xamppdaten\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{04082BF3-CDB6-4462-B034-E47B548B6C7C}C:\users\zellerli\downloads\starcraft_2_beta_dede.exe" = protocol=6 | dir=in | app=c:\users\zellerli\downloads\starcraft_2_beta_dede.exe | 
"TCP Query User{0442162C-6275-4F8A-82EC-9432202F146C}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{0CAB75DC-F005-403C-BB6F-84CEB2DF0178}C:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe | 
"TCP Query User{0D8CA656-B29F-4BBB-A28F-67DF203957F6}C:\users\zellerli\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{0E6C4971-5087-4F21-92F7-DC7585B3D1A2}C:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe | 
"TCP Query User{103D9D6E-D7AC-4CCC-9AC8-409D43E28478}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{10BED12C-A114-4857-AB60-C3B19CA50955}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | 
"TCP Query User{163C00DD-4239-4558-B7DB-A71D31740E66}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe | 
"TCP Query User{2014D340-718F-492D-8B65-A205A74CC598}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe | 
"TCP Query User{231CF380-62A0-4342-B4D3-D8AC847F5389}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{27C92E5C-4B2B-4C56-9C27-507C8D86A7CA}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{298DA669-7A10-4283-8B87-592DC6484E1B}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{3A8564F5-EED0-4682-AD18-02BD6301D749}C:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe | 
"TCP Query User{40ABAF44-2EF1-4FCF-AF17-E07FFAE4A840}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{40B3268B-194B-48FB-B912-109438E5E475}C:\program files\miranda x64\miranda64.exe" = protocol=6 | dir=in | app=c:\program files\miranda x64\miranda64.exe | 
"TCP Query User{4492AB14-A845-4DDB-AC31-4FB383E9C8C6}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{4D251248-92A7-42F2-A6BD-B948B6D68176}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{4D902F90-6D25-4B38-AAD5-0BAA44D7CFE7}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{4EAC75C0-3901-426F-8BFA-9691D639FE4B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{50C7C93C-76B6-47DD-8BBD-118104432274}C:\setups\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\setups\starcraft_2_eu_de-de.exe | 
"TCP Query User{52ECB185-B2AC-4D47-BE32-077AF75F79AB}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{56E00A92-30F5-4E86-9BB5-39788E22C3AE}C:\lan\bf2_ulf\bf2.exe" = protocol=6 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | 
"TCP Query User{58B2AE24-7977-4429-8E62-E9FE07C406D7}C:\program files (x86)\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flatout2\flatout2.exe | 
"TCP Query User{5E91AD2F-9C20-4037-9C25-673013F008C4}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe | 
"TCP Query User{6C5270BE-A891-4329-8898-96AB33711AFD}C:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"TCP Query User{7537212F-DF51-4242-8566-3D9080E2F4E5}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{77253648-1B95-46FF-BF5A-54E941FDA6D1}C:\program files (x86)\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command and conquer generals\game.dat | 
"TCP Query User{7A936E8A-6CFF-4E14-8FDA-A9B96C68D0F0}C:\ti\game.exe" = protocol=6 | dir=in | app=c:\ti\game.exe | 
"TCP Query User{7DCD31C1-FB33-4A1A-A13C-BC6039A803B0}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe | 
"TCP Query User{80FDE594-AC7D-458D-9CAF-3338EC86E6C9}C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe | 
"TCP Query User{831D22DD-BF82-49F9-8C95-0244FD4B471D}C:\program files (x86)\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\battlefield 2\bf2.exe | 
"TCP Query User{85EBB3B6-0A69-43C1-A852-A4604ED0ABE2}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe | 
"TCP Query User{874D29EA-B2AF-4648-9424-2B06E09E8A5C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{8DAD0460-5BCE-4C38-AFBF-C1D249307A18}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{986CBBF3-9533-459C-B514-87BE21693C13}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"TCP Query User{A0BFB125-7C3F-4B85-82C1-6F886AD6A7ED}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{A8175184-3AD6-44BA-BF83-1382E0DE354A}C:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=6 | dir=in | app=c:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe | 
"TCP Query User{AB200B5D-CA30-496B-BF41-5DE2C7E75515}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{B4A9A4A2-4808-43FC-81B3-D1744525CD37}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=6 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | 
"TCP Query User{B63A236F-C12F-4164-BDAF-67777E2CBE91}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{BC7B28FF-A136-4738-A7C2-52CB79FEACCB}C:\program files (x86)\anno 1602 - gold edition\1602.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | 
"TCP Query User{C23EB4B3-49AC-4533-BC0B-86D6EE084243}C:\program files\miranda x64\miranda64.exe" = protocol=6 | dir=in | app=c:\program files\miranda x64\miranda64.exe | 
"TCP Query User{C4845111-1712-4882-AE03-B429F59BBC3B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{CADDC25C-F135-407E-AABE-AF6E39F7ED1F}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{D7459CD1-D089-4BD8-97C7-F09798E190CA}C:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | 
"TCP Query User{E2E31DD6-6B2D-4FC2-A50F-C092922FE3F8}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{E3750BC6-993A-4FAA-9B0A-46059EA94F66}C:\lan\bf2_ulf\bf2.exe" = protocol=6 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | 
"TCP Query User{E93E1576-75B6-4722-BE94-50D34142A729}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{EB02FAA6-57BB-4228-BF02-16520586385D}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
"TCP Query User{EFB6674F-978A-4D84-8940-53EC5B797C92}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{F1B1FC13-B8F9-4AB4-8C9F-D85C044CDDAD}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe | 
"TCP Query User{FCB2551F-8116-472D-A86B-B604442BA48C}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=6 | dir=in | app=c:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe | 
"UDP Query User{01880564-2BFE-471C-A7D0-85D33586E7B2}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{02A745F4-C99C-4705-9366-197909B049A0}C:\program files\miranda x64\miranda64.exe" = protocol=17 | dir=in | app=c:\program files\miranda x64\miranda64.exe | 
"UDP Query User{10A0D758-4A87-4590-9C41-499E84070EB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{1773D523-4F8D-4635-A9DF-67EF31BBFD81}C:\program files (x86)\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\battlefield 2\bf2.exe | 
"UDP Query User{1A19203F-B352-4F93-BF0B-C61289B13293}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{1E466306-9D64-47C2-824D-011CA77413A8}C:\lan\bf2_ulf\bf2.exe" = protocol=17 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | 
"UDP Query User{2D4E0653-377C-486D-BBCC-967A5E7DB958}C:\ti\game.exe" = protocol=17 | dir=in | app=c:\ti\game.exe | 
"UDP Query User{325FE92E-BA01-4139-B889-0781CA19ED9D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{3461833D-B6D8-409E-A215-14C20C6829B4}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{37E1D480-90D6-4CBE-8BBB-81FC40B91061}C:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\support\blizzarddownloader.exe | 
"UDP Query User{3B02417F-23CD-4675-B269-3FBB3374AA14}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe | 
"UDP Query User{3E78C60C-E919-4472-AAB0-01E9499D5823}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{3E929647-C271-44B2-9C9B-5B8515874F1A}C:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe" = protocol=17 | dir=in | app=c:\program files (x86)\red storm entertainment\ravenshield\system\ravenshield.exe | 
"UDP Query User{452319E5-C7E5-434F-9020-D4BAB78EF7DD}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{4694E673-6825-434D-AA1E-A742F88789ED}C:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{56C854B0-F400-43EF-AEFB-A3F156AEA026}C:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15449\sc2.exe | 
"UDP Query User{5C21011F-3132-4C8A-A8BF-70B05D26F7A8}C:\program files (x86)\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flatout2\flatout2.exe | 
"UDP Query User{5F9119DA-3CD5-428A-9C20-16EF74547365}C:\users\zellerli\downloads\starcraft_2_beta_dede.exe" = protocol=17 | dir=in | app=c:\users\zellerli\downloads\starcraft_2_beta_dede.exe | 
"UDP Query User{64CE4C92-690C-44A0-9BA8-36600AB6950A}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{65F4B86D-CBBD-4C90-852D-89D88374641D}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{6D7BDDB4-C8F0-4596-9273-7B026E259BEE}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{79506361-521B-4533-8989-F242572E81B7}C:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\addon.exe | 
"UDP Query User{79789828-B014-4225-B5F7-921F6BDDA1F8}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{7D9AA12C-958D-422D-A506-A1B748DE537E}C:\program files\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{7E850182-C807-41D1-926A-DCCC76FAA52F}C:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\anno 1404 - königsedition\tools\addonweb.exe | 
"UDP Query User{84785378-6D96-43EF-A346-B7664BBEF9C8}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{8C26E52F-5223-4444-9ADB-DFB3E63C3EE5}C:\users\zellerli\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{8CB60C07-8B7A-483B-9B4A-8153884488DD}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{8EB2D814-3C48-4267-88C2-7B4D7842EEBE}C:\setups\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\setups\starcraft_2_eu_de-de.exe | 
"UDP Query User{8FDFF509-B8AC-4EC8-8559-229A0F490618}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe | 
"UDP Query User{90917955-49DB-4AE7-89FF-D5C555419851}C:\lan\bf2_ulf\bf2.exe" = protocol=17 | dir=in | app=c:\lan\bf2_ulf\bf2.exe | 
"UDP Query User{9DA7D87C-22BE-4F8C-913B-7FC1C1358677}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{9E9C2F35-1349-47D2-B995-99A21B19C578}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
"UDP Query User{A4545ED6-888B-44C4-AEE1-A2CC7BD5C168}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{A8647FD7-C7D1-4054-A467-D1B7C723EB58}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe | 
"UDP Query User{A97A262C-BB96-4F9A-A503-AE6D65B73A16}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{ACF4FD19-F8CC-49FC-B64A-1CAA153ACCBB}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{ADBCC90C-0781-4BD3-AE3C-28B5600E8E18}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{AF5329F6-B7CF-43B7-84E1-9880EAC13A82}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe | 
"UDP Query User{BCCC0B21-7F8A-4420-B205-CFA3524896FA}C:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire student software\ti-nspire student software.exe | 
"UDP Query User{C90870D2-CAD3-44CF-9F28-958898F5EF7F}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | 
"UDP Query User{CC147F0B-E4FF-4A3B-8EE4-67CDE1D45847}C:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"UDP Query User{CE9E29AC-534A-4802-89D7-84B1684BAF45}C:\program files\miranda x64\miranda64.exe" = protocol=17 | dir=in | app=c:\program files\miranda x64\miranda64.exe | 
"UDP Query User{D4F81D01-9067-4A4D-940E-55211A206DA6}C:\program files (x86)\anno 1602 - gold edition\1602.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1602 - gold edition\1602.exe | 
"UDP Query User{D63233AB-9EE7-4E76-91BA-C8AAAC73EC15}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{D7E9974E-8D54-46B3-9EBE-B4F30341FE4D}C:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\setups spiele\downloader_warcraft3_the_frozen_throne_dede.exe | 
"UDP Query User{DAB25831-4FA9-4383-9A60-2BCF4BD94CA7}C:\xamppdaten\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xamppdaten\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{E2DB5A7D-D45A-4FAD-89E6-C539FD93C07E}C:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fox\aliens vs. predator 2\lithtech.exe | 
"UDP Query User{EA8147E3-B4FC-4C57-A43D-ED920CC22367}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{F4398DDB-F07E-4D39-897B-9ABA7E10BE72}C:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe | 
"UDP Query User{F6E1C33E-E4F4-486B-8014-952DCCE3D400}C:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe" = protocol=17 | dir=in | app=c:\users\zellerli\appdata\roaming\ipgyo\ecyvcy.exe | 
"UDP Query User{FAEF00E0-4197-46AC-8BEE-ED136E4C1F41}C:\program files (x86)\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command and conquer generals\game.dat | 
"UDP Query User{FE789878-EA1C-4049-BEDC-8AC92CA9B2C1}C:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe" = protocol=17 | dir=in | app=c:\setups spiele\downloader_warcraft3_reign_of_chaos_dede.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C8281B8-D579-414B-AA10-186542582A3B}" = 64-bit MathLink Libraries (6.0.3.1048069)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{78BFF077-C4A2-4715-8321-651585432C79}" = Oracle VM VirtualBox 3.2.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A5D44F9D-C159-4C1E-AD21-A4D85B31AB46}" = Corel Graphics - Windows Shell Extension 64 Bit
"{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"sp6" = Logitech SetPoint 6.22
"STATNOVAPDF_is1" = STATNOVAPDF (novaPDF 6.1  printer)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0DE35ACF-BDF7-41D3-B45E-4BD26A7F807B}" = STATISTICA 9.1a (DE)
"{103B6835-DCA0-413F-A99E-ECAD6622726E}" = Aliens versus Predator 2: Primal Hunt
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{142DA0F4-8569-4D64-B374-0B65D8F4C9CE}" = Wolfram Notebook Indexer 2.0
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C3147A7-4810-45FC-AD89-064D8023A514}" = SEPA Account Converter
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C2A073C-4352-4D64-9928-91EAD643CF0C}" = Wolfram Mathematica 6
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0408.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F928B83-3D8E-402B-8480-5C5C3BCE8040}" = OKI B410 Druckermenü-Einrichtungstool
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96700F76-C4C8-4D76-9A1C-0065F8CF36BA}" = Origin86
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{9FE15B75-8AD9-4A6F-A57A-7E7C03C4CBEB}" = StarOffice 8
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.07.07
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B364DC2A-9783-4737-B795-D6F0562A41C5}" = calibre
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C1EC4E2D-6F63-4806-B88E-7685B6EC186E}" = Cisco AnyConnect VPN Client
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D51BAC38-15D6-462B-9EFB-B330959F0839}" = Origin86
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E327C2A5-E236-44C4-A410-B899403A49A9}" = B400 Series PCL Driver from OKI® Printing Solutions for Windows 
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ACE LoL Client" = League of Legends - ACE Client by Matricus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"Ahnenblatt_is1" = Ahnenblatt 2.64
"ANNO 1602 - Gold Edition" = ANNO 1602 - Gold Edition
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Company of Heroes" = Company of Heroes
"EA Download Manager" = EA Download Manager
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.50
"FileZilla Client" = FileZilla Client 3.2.7.1
"Gothic II" = Gothic II
"GPU Caps Viewer_is1" = GPU Caps Viewer v1.4.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{3C2A073C-4352-4D64-9928-91EAD643CF0C}" = Wolfram Mathematica 6
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0408.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JAP" = JAP
"JDownloader" = JDownloader
"League of Legends_is1" = League of Legends
"MiKTeX 2.8" = MiKTeX 2.8
"Miranda IM" = Miranda IM 0.9.10
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"pdfsam" = pdfsam
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"SmartToolsFalz & Lochmarken-Assistentv6.50" = SmartTools Publishing • Word Falz & Lochmarken-Assistent
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 22600" = Worms Reloaded
"Steam App 2760" = Neverwinter Nights 2: Platinum
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 57900" = Duke Nukem Forever
"Stellarium_is1" = Stellarium 0.10.6.1
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TI-Nspire CAS Student Software" = TI-Nspire CAS Student Software
"TI-Nspire Student Software" = TI-Nspire Student Software
"TripleAVersion1_2_5_5" = TripleA Version 1_2_5_5
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR Archivierer
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1227684924-1299058479-1627879679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GeoGebra 4" = GeoGebra 4
"Hades webstart" = Hades webstart
"Inkscape" = Inkscape 0.48.2
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.11.2011 16:04:21 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 13.11.2011 16:05:23 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 02:17:05 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 02:18:08 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 03:42:20 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 03:43:37 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 03:56:57 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 03:57:21 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 05:34:39 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 14.11.2011 05:46:41 | Computer Name = Laemmerspiel | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
[ Cisco AnyConnect VPN Client Events ]
Error - 21.11.2012 14:29:44 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 03:06:19 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 06:09:34 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 09:21:48 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 10:52:52 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 13:40:30 | Computer Name = LAEMMERSPIEL | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 13:48:27 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 22.11.2012 13:50:44 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 22.11.2012 13:50:44 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
Error - 23.11.2012 06:08:07 | Computer Name = Laemmerspiel | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ System Events ]
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = DCOM | ID = 10005
Description = 
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:34 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:53 | Computer Name = Laemmerspiel | Source = DCOM | ID = 10005
Description = 
 
Error - 23.11.2012 06:10:52 | Computer Name = Laemmerspiel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 23.11.2012 06:10:53 | Computer Name = Laemmerspiel | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---

Edited by zellerli (23.11.2012 at 12:43)

 


All times are given in WET +1.

