Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 05.06.2013, 10:32   #1
36mph
 
Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause. - Icon21

Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause.



Hallo ihr Lieben,

seit heute kann ich mehrere Internetseiten nicht mehr öffnen. Zum Beispiel erreiche ich euer Forum oder Amazon.de aber nicht GMX, Bahn.de, etc. - Google kann ich manchmal öffnen, aber spätestens bei der Suche hört es dann auf. Der Browser meldet immer nach versuchter Verbindungsherstellung "Fehler: Verbindung unterbrochen". Ich benutze Firefox, habe es auch mit IE versucht, der findet gar nichts. Skype funktioniert normal. Das Problem tritt auch (ähnlich) bei anderen Rechnern im Haus und bei meinem Handy auf, wenn ich es mit WLAN versuche. Dort aber nicht so häufig.

Wenn ich den PC neu starte kann ich für ein paar Sekunden Seiten öffnen die sonst nicht funktionieren, danach wieder das selbe Problem.

Ich habe bereits folgendes versucht:
Virenscan mit AntiVir: kein Fund
Router neu gestartet.
PC neu gestartet.
Cache und Chronik, etc. aus Firefox gelöscht.


Vorgeschichte:


1. Vor ein paar Tagen hatte ich schon das gleiche Problem mit den Internetseiten und Antivir fand zwei Dateien:

C:\Users\Maria\AppData\Local\Temp\H35kTJhf.zip.part
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Agent.phs
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '542638e0.qua' verschoben!
C:\Users\Maria\AppData\Local\Temp\fotos91-lol.zip
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Agent.phs
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f70171b.qua' verschoben!

Ich habe die Dateien in die Quarantäne verschoben und dann gelöscht. Danach war das Problem (bis heute) behoben.

2. Ich hatte vor ein paar Monaten (andere) Probleme mit dem Internet, seitdem ist die Version 6 vom Internetprotokoll (IPv6) deaktiviert. Habe versucht ob es was ändert, wenn ichs wieder aktiviere aber das halft nicht.

Nun zu den Logs:

1. Defogger hat keine Fehler angezeigt.

2. OTL
OTL.txt
Code:
ATTFilter
OTL logfile created on: 05.06.2013 10:50:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,56% Memory free
7,96 Gb Paging File | 6,31 Gb Available in Paging File | 79,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1648,84 Gb Free Space | 91,00% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 13,35 Gb Free Space | 26,70% Space Free | Partition Type: NTFS
Drive E: | 7,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DBLRAINBOW | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.05 10:49:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
PRC - [2013.06.05 10:31:22 | 000,050,477 | ---- | M] () -- C:\Users\Maria\Desktop\Defogger.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.24 04:25:56 | 000,683,696 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2012.08.08 23:15:42 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.26 01:32:46 | 000,443,688 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 09:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.05 10:31:22 | 000,050,477 | ---- | M] () -- C:\Users\Maria\Desktop\Defogger.exe
MOD - [2011.12.16 14:11:08 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e8339b699235ebf2f904ccb8383de342\IAStorUtil.ni.dll
MOD - [2011.12.16 14:11:08 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll
MOD - [2011.12.16 12:27:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.12.16 12:26:59 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.12.16 12:26:55 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.12.16 12:26:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.12.16 12:26:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.12.16 12:26:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.12.16 12:26:39 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.12.16 12:26:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.05.16 16:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.05.12 16:13:56 | 009,321,832 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.05.20 11:11:38 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.24 04:25:56 | 000,683,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.24 03:51:12 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2012.06.13 07:00:48 | 000,726,160 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.26 12:21:48 | 000,017,408 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.3.24903.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.02 19:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 19:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.16 00:11:38 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.05.12 16:14:23 | 000,194,160 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2010.05.12 16:14:23 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2010.05.10 12:39:26 | 000,162,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_RCI.SYS -- (HWARadio)
DRV:64bit: - [2010.05.10 12:39:10 | 000,543,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_DWA.SYS -- (DWA)
DRV:64bit: - [2010.05.10 12:38:40 | 000,916,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSR_HWA.SYS -- (hwa)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {9E791032-6644-43FD-B9E4-6DEEEF835B40}
IE - HKCU\..\SearchScopes\{9E791032-6644-43FD-B9E4-6DEEEF835B40}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393
IE - HKCU\..\SearchScopes\{F9BF2B30-3A4E-4D1F-8779-DC18625762B1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=038506C4-325E-4A53-8D07-41EEA87C6BF3&apn_sauid=24E4D0DA-A178-4429-BCBF-A206FC2D8BE1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:4.0.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.15 17:56:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\Extensions
[2013.05.02 17:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\Firefox\Profiles\cy5kdojo.default\extensions
[2013.05.02 17:14:42 | 004,691,600 | ---- | M] () (No name found) -- C:\Users\Maria\AppData\Roaming\mozilla\firefox\profiles\cy5kdojo.default\extensions\zotero@chnm.gmu.edu.xpi
[2012.11.07 23:36:14 | 000,002,308 | ---- | M] () -- C:\Users\Maria\AppData\Roaming\mozilla\firefox\profiles\cy5kdojo.default\searchplugins\askcom.xml
[2013.05.20 11:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 11:11:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maria\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.07 09:18:17 | 000,000,066 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{42d44c4c-274d-11e1-ab16-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42d44c4c-274d-11e1-ab16-806e6f6e6963}\Shell\AutoRun\command - "" = E:\tools\shelexec.exe html\index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 10:49:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
[2013.06.04 16:47:57 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\Fotos
[2013.06.04 12:42:49 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Juniper Networks
[2013.06.04 12:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2013.06.04 12:42:12 | 000,590,512 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcSmartCardProv.dll
[2013.06.04 12:42:12 | 000,422,576 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcCredProv.dll
[2013.06.04 12:41:42 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\Juniper Networks
[2013.06.04 12:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks
[2013.05.29 23:36:24 | 000,000,000 | ---D | C] -- C:\gravity
[2013.05.29 23:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.05.28 13:07:28 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\.elfohilfe
[2013.05.21 15:08:32 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\elsterformular
[2013.05.21 14:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.05.21 14:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2013.05.21 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2013.05.21 14:28:46 | 135,555,120 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Maria\Desktop\ElsterFormular-14.2.20130517k.exe
[2013.05.20 11:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.14 21:42:13 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\8hacks
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Maria\Desktop\*.tmp files -> C:\Users\Maria\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.05 10:49:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe
[2013.06.05 10:48:42 | 000,000,000 | ---- | M] () -- C:\Users\Maria\defogger_reenable
[2013.06.05 10:43:23 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 10:43:23 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 10:35:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 10:35:58 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 10:31:22 | 000,050,477 | ---- | M] () -- C:\Users\Maria\Desktop\Defogger.exe
[2013.06.04 12:41:54 | 002,390,176 | ---- | M] () -- C:\Users\Maria\Desktop\NCInst64.exe
[2013.06.03 21:48:42 | 077,239,462 | ---- | M] () -- C:\Users\Maria\Desktop\IMG_1155.MOV
[2013.06.03 21:44:58 | 000,120,895 | ---- | M] () -- C:\Users\Maria\Desktop\IMG_1142.JPG
[2013.06.02 17:23:42 | 001,075,166 | ---- | M] () -- C:\Users\Maria\Desktop\team_profile_eclipse.pdf
[2013.06.02 17:22:21 | 001,087,464 | ---- | M] () -- C:\Users\Maria\Desktop\team_profile_eclipse.xps
[2013.06.02 17:20:40 | 001,066,094 | ---- | M] () -- C:\Users\Maria\Desktop\profile.jpg
[2013.06.02 16:13:18 | 005,096,472 | ---- | M] () -- C:\Users\Maria\Desktop\IMG_4669.JPG
[2013.06.02 15:55:35 | 005,984,468 | ---- | M] () -- C:\Users\Maria\Desktop\radu.JPG
[2013.06.02 15:44:02 | 001,477,727 | ---- | M] () -- C:\Users\Maria\Desktop\lilly.jpg
[2013.06.02 15:36:34 | 000,218,338 | ---- | M] () -- C:\Users\Maria\Desktop\maria1.jpg
[2013.06.02 15:24:52 | 000,115,500 | ---- | M] () -- C:\Users\Maria\Desktop\Mary.jpg
[2013.06.02 15:22:46 | 000,235,138 | ---- | M] () -- C:\Users\Maria\Desktop\maria.jpg
[2013.06.02 15:10:13 | 000,075,104 | ---- | M] () -- C:\Users\Maria\Desktop\mj2.jpg
[2013.06.02 15:07:19 | 000,066,123 | ---- | M] () -- C:\Users\Maria\Desktop\mj.jpg
[2013.06.02 15:05:37 | 002,332,098 | ---- | M] () -- C:\Users\Maria\Desktop\IMG_0128.JPG
[2013.06.02 14:56:32 | 000,068,194 | ---- | M] () -- C:\Users\Maria\Desktop\erz2.jpg
[2013.06.02 14:56:21 | 000,068,194 | ---- | M] () -- C:\Users\Maria\Desktop\erz.jpg
[2013.06.02 12:24:23 | 000,049,714 | ---- | M] () -- C:\Users\Maria\Desktop\kristin.jpg
[2013.06.02 12:23:17 | 000,046,254 | ---- | M] () -- C:\Users\Maria\Desktop\my face cropped.jpg
[2013.05.29 13:03:56 | 001,917,199 | ---- | M] () -- C:\Users\Maria\Desktop\IMG_1697.JPG
[2013.05.29 13:03:40 | 002,037,163 | ---- | M] () -- C:\Users\Maria\Desktop\IMG_1695.JPG
[2013.05.26 23:14:23 | 000,158,060 | ---- | M] () -- C:\Users\Maria\Desktop\hausaufgabe_maria_neu.pdf
[2013.05.26 23:09:14 | 000,438,553 | ---- | M] () -- C:\Users\Maria\Desktop\hausaufgabe_maria_neu.xps
[2013.05.26 02:34:26 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.26 02:34:26 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 02:34:26 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.26 02:34:26 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 02:34:26 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.25 22:36:05 | 000,953,967 | ---- | M] () -- C:\Users\Maria\Desktop\hotkeys2.png
[2013.05.25 22:35:26 | 000,948,472 | ---- | M] () -- C:\Users\Maria\Desktop\hotkeys.png
[2013.05.24 22:26:52 | 000,368,571 | ---- | M] () -- C:\Users\Maria\Desktop\eclipse.fem.pdf
[2013.05.23 18:53:14 | 000,046,973 | ---- | M] () -- C:\Users\Maria\Desktop\Servqual.pdf
[2013.05.21 14:40:54 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.05.21 14:29:29 | 135,555,120 | ---- | M] (Landesfinanzdirektion Thüringen) -- C:\Users\Maria\Desktop\ElsterFormular-14.2.20130517k.exe
[2013.05.18 09:42:42 | 000,749,513 | ---- | M] () -- C:\Users\Maria\Desktop\bild0.jpg
[2013.05.18 09:35:39 | 000,607,266 | ---- | M] () -- C:\Users\Maria\Desktop\bild1.jpg
[2013.05.15 20:31:42 | 003,269,778 | ---- | M] () -- C:\Users\Maria\Desktop\Präsentation whirlpool-discount.de.pdf
[2013.05.12 12:08:43 | 000,031,460 | ---- | M] () -- C:\Users\Maria\Desktop\muttertagsgedicht.pdf
[2013.05.12 12:06:58 | 000,115,590 | ---- | M] () -- C:\Users\Maria\Desktop\Muttertagsgedicht.xps
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\Maria\Desktop\*.tmp files -> C:\Users\Maria\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.05 10:48:42 | 000,000,000 | ---- | C] () -- C:\Users\Maria\defogger_reenable
[2013.06.05 10:31:20 | 000,050,477 | ---- | C] () -- C:\Users\Maria\Desktop\Defogger.exe
[2013.06.04 12:41:54 | 002,390,176 | ---- | C] () -- C:\Users\Maria\Desktop\NCInst64.exe
[2013.06.03 21:44:57 | 000,120,895 | ---- | C] () -- C:\Users\Maria\Desktop\IMG_1142.JPG
[2013.06.03 21:41:54 | 077,239,462 | ---- | C] () -- C:\Users\Maria\Desktop\IMG_1155.MOV
[2013.06.02 17:23:42 | 001,075,166 | ---- | C] () -- C:\Users\Maria\Desktop\team_profile_eclipse.pdf
[2013.06.02 17:22:19 | 001,087,464 | ---- | C] () -- C:\Users\Maria\Desktop\team_profile_eclipse.xps
[2013.06.02 17:20:40 | 001,066,094 | ---- | C] () -- C:\Users\Maria\Desktop\profile.jpg
[2013.06.02 16:13:03 | 005,096,472 | ---- | C] () -- C:\Users\Maria\Desktop\IMG_4669.JPG
[2013.06.02 15:55:20 | 005,984,468 | ---- | C] () -- C:\Users\Maria\Desktop\radu.JPG
[2013.06.02 15:44:01 | 001,477,727 | ---- | C] () -- C:\Users\Maria\Desktop\lilly.jpg
[2013.06.02 15:36:33 | 000,218,338 | ---- | C] () -- C:\Users\Maria\Desktop\maria1.jpg
[2013.06.02 15:24:51 | 000,115,500 | ---- | C] () -- C:\Users\Maria\Desktop\Mary.jpg
[2013.06.02 15:22:46 | 000,235,138 | ---- | C] () -- C:\Users\Maria\Desktop\maria.jpg
[2013.06.02 15:10:11 | 000,075,104 | ---- | C] () -- C:\Users\Maria\Desktop\mj2.jpg
[2013.06.02 15:07:18 | 000,066,123 | ---- | C] () -- C:\Users\Maria\Desktop\mj.jpg
[2013.06.02 14:56:32 | 000,068,194 | ---- | C] () -- C:\Users\Maria\Desktop\erz2.jpg
[2013.06.02 14:56:20 | 000,068,194 | ---- | C] () -- C:\Users\Maria\Desktop\erz.jpg
[2013.06.02 13:30:55 | 002,332,098 | ---- | C] () -- C:\Users\Maria\Desktop\IMG_0128.JPG
[2013.06.02 12:24:23 | 000,049,714 | ---- | C] () -- C:\Users\Maria\Desktop\kristin.jpg
[2013.06.02 12:23:16 | 000,046,254 | ---- | C] () -- C:\Users\Maria\Desktop\my face cropped.jpg
[2013.05.29 12:59:36 | 002,037,163 | ---- | C] () -- C:\Users\Maria\Desktop\IMG_1695.JPG
[2013.05.29 12:59:32 | 001,917,199 | ---- | C] () -- C:\Users\Maria\Desktop\IMG_1697.JPG
[2013.05.26 23:14:22 | 000,158,060 | ---- | C] () -- C:\Users\Maria\Desktop\hausaufgabe_maria_neu.pdf
[2013.05.26 23:09:13 | 000,438,553 | ---- | C] () -- C:\Users\Maria\Desktop\hausaufgabe_maria_neu.xps
[2013.05.25 22:36:04 | 000,953,967 | ---- | C] () -- C:\Users\Maria\Desktop\hotkeys2.png
[2013.05.25 22:35:26 | 000,948,472 | ---- | C] () -- C:\Users\Maria\Desktop\hotkeys.png
[2013.05.24 22:26:50 | 000,368,571 | ---- | C] () -- C:\Users\Maria\Desktop\eclipse.fem.pdf
[2013.05.23 18:53:14 | 000,046,973 | ---- | C] () -- C:\Users\Maria\Desktop\Servqual.pdf
[2013.05.21 14:40:54 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.05.18 09:42:42 | 000,749,513 | ---- | C] () -- C:\Users\Maria\Desktop\bild0.jpg
[2013.05.18 09:35:39 | 000,607,266 | ---- | C] () -- C:\Users\Maria\Desktop\bild1.jpg
[2013.05.15 20:31:37 | 003,269,778 | ---- | C] () -- C:\Users\Maria\Desktop\Präsentation whirlpool-discount.de.pdf
[2013.05.14 21:41:21 | 000,188,345 | ---- | C] () -- C:\Users\Maria\Desktop\8hacks.rar
[2013.05.12 12:08:43 | 000,031,460 | ---- | C] () -- C:\Users\Maria\Desktop\muttertagsgedicht.pdf
[2013.05.12 12:06:57 | 000,115,590 | ---- | C] () -- C:\Users\Maria\Desktop\Muttertagsgedicht.xps
[2013.04.27 20:47:26 | 000,009,520 | ---- | C] () -- C:\Users\Maria\.recently-used.xbel
[2013.04.27 18:00:58 | 000,000,031 | ---- | C] () -- C:\Users\Maria\.gtk-bookmarks
[2013.03.12 20:49:16 | 000,000,600 | ---- | C] () -- C:\Users\Maria\AppData\Local\PUTTY.RND
[2013.03.05 14:57:03 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.05 22:40:04 | 000,000,017 | ---- | C] () -- C:\Users\Maria\AppData\Local\resmon.resmoncfg
[2012.06.29 16:01:16 | 000,000,062 | ---- | C] () -- C:\Users\Maria\.gitconfig
[2012.04.26 21:41:57 | 000,000,101 | ---- | C] () -- C:\Users\Maria\.webcall
[2012.03.26 12:21:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.03.26 12:21:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.24 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.06.05 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Dropbox
[2012.01.20 16:29:01 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\DVDVideoSoft
[2012.01.06 14:05:25 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.21 15:08:42 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\elsterformular
[2013.04.25 19:17:33 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\FileZilla
[2011.12.23 00:46:38 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\geany
[2013.03.05 15:00:20 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\GitHub
[2013.04.27 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\gtk-2.0
[2013.06.04 12:43:35 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Juniper Networks
[2013.02.15 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Lionhead Studios
[2013.04.21 11:00:37 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Oracle
[2012.01.25 10:09:03 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\PACE Anti-Piracy
[2012.04.05 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Samsung
[2012.07.05 16:28:44 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\SplitMediaLabs
[2012.01.25 10:10:52 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.16 19:26:20 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Trine2
[2013.06.04 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\TS3Client
[2011.12.23 22:40:41 | 000,000,000 | ---D | M] -- C:\Users\Maria\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1173 bytes -> C:\Users\Maria\AppData\Local\MRG1Jdyy2279vS:Pn3BWM7ZRegVttmIQ
@Alternate Data Stream - 1109 bytes -> C:\Users\Maria\AppData\Local\Temp:yhmWPq93uMAb6UywK1dzA

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 05.06.2013 10:50:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,56% Memory free
7,96 Gb Paging File | 6,31 Gb Available in Paging File | 79,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1648,84 Gb Free Space | 91,00% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 13,35 Gb Free Space | 26,70% Space Free | Partition Type: NTFS
Drive E: | 7,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DBLRAINBOW | User Name: Maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063D845F-022B-4B8D-B18B-31C4B4130740}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0DB3BD36-3713-4C6F-A453-EF3F706F3AC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0E2B988A-68BE-40B5-8FF0-FE579DF918AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{12BEB95C-1CF4-4AEF-8F04-F30395F343F2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1D5D4FA8-BEE3-4F88-9103-7D2A6467EDC5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{32C90688-FE0D-4C27-97B8-6175E49304AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B6E0031-AB2D-4E90-9A4A-481E5B9EA6DD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{453AEE20-B029-490E-8E56-8A00384A9141}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{50ABB55A-BFF9-4E15-9EBE-FD4B3E428088}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5417FCEB-6832-4E5D-BC4C-1F3932A2ED94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6DCFD9CE-595E-4417-A13C-181FF0C71DFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6EE97FA8-B894-4A82-9F85-2E9A0FDC563E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{70B95500-A187-4BBD-8AC5-24167D2265BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{753BACAA-8249-4845-8CD1-D3A45772B59F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{799D88FB-89ED-4E67-BA09-36AB8E794093}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7B0B6035-670E-45A5-BFA3-5D3E4479A585}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8A0F6F7B-B226-4222-A6AA-730FB52D93E8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{96491A87-4832-4FC8-876E-A0872A3A8680}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A96D307D-845E-41AA-A658-FAE594986B51}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B289B367-9920-433E-B8F3-BB5A57057BFD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BB39D96C-435E-4666-88BF-0A623F64755F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C56519A8-DA20-4D1E-A428-3713B5DEF464}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CE0C9D05-12AE-4E6A-B077-0D79FF04DA76}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE399E2A-9CD4-4C1D-90F7-3A06A6F3DECD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DE720F26-9583-4290-9E1C-C3E25D0719D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E1448AF8-9954-4A7A-95DC-FBE88B77D6CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E4CBE3A6-2364-4AF4-B778-07A8EC8D3233}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E7F26C92-D3AF-4048-AB77-DBB80329D164}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E8336816-3E1B-4B0F-A1D6-5D00446300E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED7E8D2D-2114-4400-8BDC-184DA55FF644}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F4A1BC2C-1D16-4223-9DB5-6D382E8A8745}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AB7E79-691F-4FC9-8E27-C733DC93CF73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{05422DCA-3369-4B4B-86CF-8C56DC534927}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{08CAFFA3-FC59-4A6D-990C-D65FFAF59A0B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{0B508591-2282-4E57-85D4-16F67D6F19B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{1005977E-7C67-412D-AD57-FFD53B24A7BF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{10257A14-DB19-4D26-8608-B785E407EF47}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{104DAF47-EB99-4A74-8995-AF3173BA6CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe | 
"{10990A47-30D6-4B58-B77A-606F0B8436D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{12ADFCA7-48A2-41D7-B1D8-25BA18D577A8}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"{15005F07-3F58-482C-860C-1BCC3243982D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{1B6E1834-F087-4891-A192-C4D2CB39D5CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe | 
"{1FB7454B-B65B-44D9-BBDD-11949BDCBDB6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe | 
"{22CA0034-0997-4C50-B681-1E9BEA317985}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{246CFD9E-BD1F-4350-BBEA-6C841498A7F0}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{252B7852-C110-413A-92AD-727D355A8B25}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{25D3EC54-44A5-4ABE-ABCD-8C24A30FB877}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe | 
"{29017440-8BEC-428D-9C74-96066A0E491E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe | 
"{2D2DCCB4-2DE3-4EB3-9E65-80734F4A8DA8}" = protocol=17 | dir=in | app=c:\users\maria\appdata\roaming\dropbox\bin\dropbox.exe | 
"{32C466B4-8377-409F-850F-864D03A63908}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{3313C259-264C-4DBB-BD7E-39E14680385F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{33ADF4C7-66A9-41E1-9E1F-4996A497CDAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{36F4492C-B647-4DB9-B91B-EE2041AFF83E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{384AF4C8-19B5-45CB-982A-200532AC6EA3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{393625A8-292B-4137-8BCA-B98B2AB3A4DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{452E225C-EE8F-4FA2-8813-B3CD010CBABC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{478469F2-79BD-4F8C-9994-A4041CE242C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{48ADADD6-6AD7-4212-A2B0-BD06DB0EB009}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{4C02EB0D-ED67-46D1-983E-9C82DDA1991F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{510F74E4-AC3C-4FE2-8A7B-D2B0105B8456}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{52CFA4C9-47AB-40EF-8257-C53E6155785B}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"{56D7C47D-1E41-4C4F-8D2D-E773F563CF16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{57244DBB-0411-4E28-AB16-2A67A8F54D2D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{57666748-F35D-48E2-AADB-8118F389CA18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe | 
"{5A721CED-4B6A-4246-9B28-CF42B53A901F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5AD05311-CE3B-45CB-A95E-30D3057AFEDB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5BB4DB6F-CC79-412D-AC4E-07383C07D0DE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{5D8DCAF4-B92F-4A7E-B385-5DA9B2F8F9A2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{5FB4A2FB-5EEC-4651-AEBF-1E64551C170A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{61F12D20-7616-4511-990A-406DAA7040B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{686D0808-0BB4-4D0F-ACA8-3B3B4D81B1BD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\custom.exe | 
"{6BFD7B82-BFC1-44C0-89CA-FB2AE09194DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cave story+\cavestory+.exe | 
"{6DD9564F-4F9E-4E35-BC29-875FE15A791D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warframe\tools\launcher.exe | 
"{71644016-B1DB-4E99-AA54-7C11BA404A70}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{71E2D278-3202-4695-A068-457CF7F75A8D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe | 
"{72BDF32B-BAEB-4B74-A366-F6F74BD31D3A}" = protocol=6 | dir=in | app=c:\users\maria\appdata\roaming\dropbox\bin\dropbox.exe | 
"{73EDE6A6-8F9F-493F-B155-583C698A1AA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{7A10DA76-C9E8-4ADD-85CA-21AE647C2EA3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{7B60B410-3A0A-4DB6-92CD-01A1241B6E68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BD323B4-F2E4-4B5F-B6C4-33E6667A344F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{821CF773-F95D-4CC2-97FF-49B7338660AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{82266945-E3F5-4E2F-B9B0-D0A64365AA86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{83835C5D-720F-4D2B-9DD7-C322952677AC}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{85562433-E03B-4051-A048-9FF12712A572}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{8556FCC6-3E74-4666-BCE2-9C903EA6A3E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{8B6EA0E1-7118-412D-8CFA-9B8A349A40BE}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{8F4A4A06-764C-499D-A87D-FEF56752C12F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{91ADC53A-21CE-43EA-BC2E-28125428A5DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe | 
"{95383465-BAB7-40BA-9B30-BE8DE318AB26}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9564AB56-8B73-4FEF-9855-171CD7266F00}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{9700F347-A590-47BA-9E0C-FCB1CE926A12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{9F5562EB-10DB-4BCF-A93A-10CC28752987}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{A3FBE132-3AA1-4333-9E3A-1C280DAE6A9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ragnarok online 2\wplauncher.exe | 
"{A418C341-175A-4F95-BB5C-A9E10841340F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{A517E512-D7F3-4EC5-92A7-7D7A88DFF1F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{A59550D8-D84A-49A1-9720-E32B178F6940}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A60C2559-76A3-4DA9-AB06-9022CA9FFF52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe | 
"{A6DCBEF5-5074-426C-A7BC-E29A084A81C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{AF80C2C1-4335-47EA-B7C7-B1295EFBBB2E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe | 
"{BAE1B388-1D05-428D-B30C-B31408BB271D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{BB3EBEAB-CE71-4428-8F54-A9F0902B9C7A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ragnarok online 2\wplauncher.exe | 
"{BB7C6C87-7A71-47ED-9562-F2BC30F92D23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{BE5B0675-CD8B-4396-B086-9A2090DD5FDA}" = protocol=6 | dir=out | app=system | 
"{D0378C13-A585-4EA2-97ED-D51C19D2F250}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{D37071B8-116E-440F-8B07-B587E42E2DA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5C8F22A-7437-4881-8663-A378F4AC1021}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D6E01915-9CEE-4711-BBD1-F8E6650503A0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\recettear\recettear.exe | 
"{D753ED4A-E98B-480F-B91D-6E3AFE808AF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9D09203-0735-411C-B706-AB4822F751C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{DA460E48-C0BC-4858-A9FB-61AB26EE5D01}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{DC28B59A-F3BE-40A5-B291-91EC88AC6472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe | 
"{DF01B80D-F86B-4B15-BA53-C6A6F07770F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{E563A1A4-C655-4CFB-BFEE-1AC0AF4C766C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{E6937078-07C7-4DCC-A0A2-7C50A649BF1C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe | 
"{E818A69B-FEC4-4C42-8607-B1806CC9CE1C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{F17275B9-E6FF-4DDE-8E75-87581F44B551}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\launchpad.exe | 
"{F2714127-066F-4494-AC2A-00D3BB5D4582}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F42C5668-F8A9-4846-8893-3552A385C27A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{F4D377A1-4010-4808-B8D5-2E7396C6E169}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F9EEAEC5-9D01-4674-B686-13308A263060}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{FF604F46-752C-49F1-B5EE-615B78A9DCF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{FFD8F516-3D9A-4BCC-9ECA-892E5C3A754D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{29E94754-3E9B-4871-8B69-F1BCA88E6DD0}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | 
"TCP Query User{3D8F73AC-A3FE-417A-9119-606F071A3803}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"TCP Query User{41EDAEDA-EF6C-4E64-AE7F-EEE0CA342BE0}C:\users\maria\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\maria\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{46C243E7-C7CA-405C-AC4E-038A38EA225A}C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe | 
"TCP Query User{72CBA670-AD6B-4766-A06D-E22161E5CCAD}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"TCP Query User{B39F0514-004B-421B-85A8-4AFD2A34304B}C:\wamp\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\apache2\bin\httpd.exe | 
"TCP Query User{BE4E4E55-0AD3-419E-AAF5-0AE4B3C17647}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{154B9432-236C-4445-B5C2-32450C026CA3}C:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magic the gathering tactics\mtgtactics.exe | 
"UDP Query User{24790871-3DC8-488D-99DF-019CBDFCCC70}C:\wamp\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\apache2\bin\httpd.exe | 
"UDP Query User{3CF34FF7-6DA3-4B85-86C1-D7DDC23A6E36}C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe | 
"UDP Query User{90D00B62-3165-49A6-B90B-73A388A598E8}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{9805340E-C615-44FD-B94F-E93A0FF9895F}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{A81DC17E-659C-4C9D-9A02-07E74F2EDAB7}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | 
"UDP Query User{D3A5728D-CEC7-48D2-8ACC-DFF087E06765}C:\users\maria\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\maria\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{42C44037-0ABF-4BEF-AEBE-CFB50835C5D8}" = DisplayLink Core Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{15C49338-59E5-472E-94F7-D5AE15EE23C9}" = XSplit
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DotAlicious Gaming Client" = DotAlicious Gaming Client
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Geany" = Geany 0.21
"Git_is1" = Git version 1.7.10-preview20120409
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"Juniper Network Connect 7.2.0" = Juniper Networks Network Connect 7.2.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"mIRC" = mIRC
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"On the Rain-Slick Precipice of Darkness, Episode Two" = On the Rain-Slick Precipice of Darkness, Episode Two
"Protege 3.4.8" = Protege 3.4.8
"RADVideo" = RAD Video Tools
"Samsung ML-1860 Series" = Samsung ML-1860 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Steam App 105400" = Fable III
"Steam App 107110" = Bastion - Demo
"Steam App 113200" = The Binding of Isaac
"Steam App 18000" = On the Rain-Slick Precipice of Darkness, Episode One
"Steam App 18020" = On the Rain-Slick Precipice of Darkness, Episode Two
"Steam App 200710" = Torchlight II
"Steam App 200900" = Cave Story+
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 205790" = Dota 2 Test
"Steam App 230410" = Warframe
"Steam App 231060" = Ragnarok Online 2
"Steam App 35720" = Trine 2
"Steam App 36630" = Rusty Hearts
"Steam App 400" = Portal
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 63200" = Monday Night Combat
"Steam App 70400" = Recettear: An Item Shop's Tale
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"68c6678448324991" = GitHub
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.5.3
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2013 13:26:11 | Computer Name = dblRainbow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 25.05.2013 04:58:20 | Computer Name = dblRainbow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 27.05.2013 10:54:16 | Computer Name = dblRainbow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 29.05.2013 12:38:40 | Computer Name = dblRainbow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 31.05.2013 09:34:51 | Computer Name = dblRainbow | Source = ESENT | ID = 490
Description = Windows (2824) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 31.05.2013 09:34:51 | Computer Name = dblRainbow | Source = ESENT | ID = 439
Description = Windows (2824) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
 konnte nicht geschrieben werden. Fehler -1032.
 
Error - 31.05.2013 11:59:36 | Computer Name = dblRainbow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 04.06.2013 04:33:45 | Computer Name = dblRainbow | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".  Die abhängige Assemblierung
 "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"" konnte nicht gefunden
 werden.  Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
Error - 04.06.2013 06:43:51 | Computer Name = dblRainbow | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.06.2013 03:47:20 | Computer Name = dblRainbow | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 21.0.0.4879 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13e4    Startzeit:
 01ce61bf1af7f837    Endzeit: 39    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 1af229b1-cdb4-11e2-8335-8c89a56bf7e0  
 
[ System Events ]
Error - 04.06.2013 12:27:47 | Computer Name = dblRainbow | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 04.06.2013 12:51:47 | Computer Name = dblRainbow | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 04.06.2013 12:51:47 | Computer Name = dblRainbow | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 04.06.2013 17:00:46 | Computer Name = dblRainbow | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DisplayLinkManager" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 05.06.2013 02:12:40 | Computer Name = dblRainbow | Source = Service Control Manager | ID = 7000
Description = Der Dienst "wampstackApache" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 05.06.2013 02:14:40 | Computer Name = dblRainbow | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 05.06.2013 02:14:43 | Computer Name = dblRainbow | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 05.06.2013 03:38:39 | Computer Name = dblRainbow | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 05.06.2013 03:38:39 | Computer Name = dblRainbow | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse 
des Computers,  der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
 -n an  der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
 
Error - 05.06.2013 04:36:07 | Computer Name = dblRainbow | Source = Service Control Manager | ID = 7000
Description = Der Dienst "wampstackApache" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
 
< End of report >
         
3. Gmer

Kurz nach Start des Scans bekam ich einen Bluescreen.

Habe ein Bild mit dem Handy hochgeladen, kann den Link nicht öffnen aber ich hoffe ich habe richtig abgetippt:

hxxp://abload.de/img/20130605_112236myuz5.jpg

Über Hilfe bei meinem Problem würde ich mich wirklich sehr freuen, vielen Dank!

Liebe Grüße, Maria

Geändert von 36mph (05.06.2013 um 10:52 Uhr) Grund: Bild eingefügt, Details hinzugefügt, Namen rausgelöscht

Alt 05.06.2013, 12:34   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause. - Standard

Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause.



HI,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________

__________________

Antwort

Themen zu Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause.
adobe reader xi, antivir, avira, bds/agent.phs, browser, converter, firefox, flash player, gesperrt, google, helper, home, install.exe, internetseite, logfile, nicht öffnen, plug-in, problem, prozess, realtek, registry, security, sekunden, software, svchost.exe, teamspeak, verbdinungsabbruch, windows




Ähnliche Themen: Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause.


  1. Internetverbinung unterbricht immer für wenige Sekunden
    Alles rund um Windows - 16.08.2015 (3)
  2. W7 - Bildschirm bleibt nach Anmeldung wenige Sekunden weiss
    Plagegeister aller Art und deren Bekämpfung - 13.01.2015 (29)
  3. Win 8.1: Einige Websites nicht erreichbar
    Log-Analyse und Auswertung - 13.06.2014 (11)
  4. Win7: Einige wenige Programme funktionieren nicht mehr und Laptop wird langsam.
    Log-Analyse und Auswertung - 25.05.2014 (20)
  5. Viele Internetseiten sind nicht aufrufbar - wenige aber schon
    Plagegeister aller Art und deren Bekämpfung - 08.07.2013 (19)
  6. Windows Update deaktiviert sich nach Neustart / Internet sporadisch nicht erreichbar / Java Exploits
    Plagegeister aller Art und deren Bekämpfung - 12.04.2013 (9)
  7. Problem: PC hängt sich ab und zu für wenige Sekunden auf (beim Zocken und Firefox)
    Alles rund um Windows - 01.10.2012 (6)
  8. deutsches google/andere internetseiten nicht mehr erreichbar -- virus?
    Plagegeister aller Art und deren Bekämpfung - 08.10.2011 (1)
  9. Internetseiten nicht mehr über normale URL erreichbar
    Plagegeister aller Art und deren Bekämpfung - 09.07.2011 (17)
  10. Wohl Virus Gen:Variant.Kazy.9072, einige Webseiten nicht erreichbar, MBM nicht aktualisierbar
    Log-Analyse und Auswertung - 27.01.2011 (9)
  11. Win.Firewall deaktiviert sich für wenige Sekunden nach start
    Plagegeister aller Art und deren Bekämpfung - 13.07.2010 (14)
  12. Windows friert wenige Sekunden nach Start ein!
    Plagegeister aller Art und deren Bekämpfung - 18.01.2009 (11)
  13. Einige Webseiten von nicht erreichbar (alle Browser), anderer Rechner erreicht diese.
    Log-Analyse und Auswertung - 28.08.2008 (3)
  14. einige internetseiten werden nicht angezeigt
    Alles rund um Windows - 10.10.2007 (1)
  15. Diverse Internetseiten sind nicht mehr erreichbar
    Alles rund um Windows - 04.06.2007 (5)
  16. kann nur noch wenige internetseiten oeffnen
    Antiviren-, Firewall- und andere Schutzprogramme - 15.02.2007 (5)
  17. Einige Internetseiten laden nicht
    Log-Analyse und Auswertung - 12.01.2007 (3)

Zum Thema Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause. - Hallo ihr Lieben, seit heute kann ich mehrere Internetseiten nicht mehr öffnen. Zum Beispiel erreiche ich euer Forum oder Amazon.de aber nicht GMX, Bahn.de, etc. - Google kann ich manchmal - Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause....
Archiv
Du betrachtest: Einige Internetseiten nicht erreichbar (wenige Sekunden nach Neustart), auch auf anderen PCs im Hause. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.