
Pests of all kinds and how to combat them: Trojan even after backup?


25.05.2010, 13:54   #1
hwvrg



Hi community,

yesterday evening I infected my main PC and my server over a remote connection through majorshare software; at any rate, that is where the trouble started. (fatal brain.exe failure)

This morning I booted from the full backup that I had taken before the mess, but which was attached to the PC ... apparently also infected, because according to a-squared Anti-Malware my machine constantly wants to install backdoors and access dubious sites. The machine sits behind a router and is also used for online banking, so it would be important to me to solve the problem...

By the way, MS Security Essentials is also installed, but it never raised an alert, not even yesterday evening - that's MS for you ...

Here is the antivirus program's log from the backup:

Code:
Emsisoft Anti-Malware - Version 5.0
IDS log

Datum	PID	Ursprung	Vorgang	Verhalten/Infektion
25.05.2010 12:07:45	7008	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:07:44	6804	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:07:36	2020	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:07:35	7160	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:07:31	6328	C:\WINDOWS\SYSNATIVE\MSFEEDSSYNC.EXE	Von Benutzer terminiert	Behavior.Spyware
25.05.2010 12:06:26	6468	C:\Users\julian\AppData\Local\Google\Chrome\Application\chrome.exe	Von Regel blockiert	leadback.advertising.com
25.05.2010 12:06:21	6468	C:\Users\julian\AppData\Local\Google\Chrome\Application\chrome.exe	Von Regel blockiert	ds.serving-sys.com
25.05.2010 12:06:08	6468	C:\Users\julian\AppData\Local\Google\Chrome\Application\chrome.exe	Von Regel blockiert	www.spywaredb.com
25.05.2010 12:06:08	6468	C:\Users\julian\AppData\Local\Google\Chrome\Application\chrome.exe	Von Regel blockiert	www.antispyware.com
25.05.2010 12:06:06	6044	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:05:59	1080	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:05:37	6468	C:\Users\julian\AppData\Local\Google\Chrome\Application\chrome.exe	Von Regel blockiert	rmd.atdmt.com
25.05.2010 12:04:58	5332	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:04:56	852	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:04:49	6784	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:04:48	6392	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:04:44	6044	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Regel erlaubt	Behavior.CodeInjector
25.05.2010 12:04:39	6176	C:\USERS\JULIAN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\WOW_HELPER.EXE	Von Benutzer erlaubt	Behavior.CodeInjector
25.05.2010 12:02:26	6468	C:\Users\julian\AppData\Local\Google\Chrome\Application\chrome.exe	Von Regel blockiert	altfarm.mediaplex.com
25.05.2010 12:01:39	6468	C:\Users\julian\AppData\Local\Google\Chrome\Application\chrome.exe	Von Regel blockiert	ib.adnxs.com
25.05.2010 11:56:42	6468	C:\Users\julian\AppData\Local\Google\Chrome\Application\chrome.exe	Von Regel blockiert	bs.serving-sys.com
03.02.2010 20:35:53	0	C:\USERS\JULIAN\APPDATA\LOCAL\TEMP\NSL77A.TMP\NSF4C2.TMP	Von Benutzer erlaubt	Behavior.OpenProcess
03.02.2010 20:35:09	0	C:\USERS\JULIAN\APPDATA\LOCAL\TEMP\NSL77A.TMP\NS47DF.TMP	Von Benutzer erlaubt	Behavior.OpenProcess
03.02.2010 20:35:04	0	C:\USERS\JULIAN\APPDATA\LOCAL\TEMP\NSL2F15.TMP\NS37E4.TMP	Von Benutzer erlaubt	Behavior.OpenProcess
03.02.2010 20:34:55	0	C:\USERS\JULIAN\APPDATA\LOCAL\TEMP\NSL77A.TMP\NS81A.TMP	Von Benutzer erlaubt	Behavior.OpenProcess
03.02.2010 20:34:31	0	C:\USERS\JULIAN\APPDATA\LOCAL\TEMP\NSF1A0.TMP\NSA930.TMP	Von Benutzer terminiert	Behavior.OpenProcess
03.02.2010 20:34:23	0	C:\USERS\JULIAN\APPDATA\LOCAL\TEMP\NSF1A0.TMP\NS90BE.TMP	Von Benutzer terminiert	Behavior.OpenProcess
03.02.2010 20:34:11	0	C:\USERS\JULIAN\APPDATA\LOCAL\TEMP\NSF1A0.TMP\NS26F.TMP	Von Benutzer terminiert	Behavior.OpenProcess
25.05.2010 12:09:54	6468	C:\Users\julian\AppData\Local\Google\Chrome\Application\chrome.exe	Von Regel blockiert	downtr.net
         
I am having particular difficulty with C:\Windows\Sysnative\msfeedssync.exe, which is shown to me as a LAN backdoor. I trusted a GoogleUpdater from the Google directory, which is supposed to carry the same signature, because I have been using Google Chrome ever since there are no more IDs.

Then I worked through your step-by-step guide:

a) CCleaner: killed 8 GB of data and more than 1000 registry entries; for some of them I know that certain programs really do use them, but that is what I have the backup for.

b) MBAM: NO FINDINGS - the log says nothing else either

c) OTL: see the following posts - btw, OTL makes an error, because it apparently does not recognize a drive with the letter B:, which used to be used for the second floppy; but since I often use many virtual drives etc., I used B:\ for all my data, incl. desktop ...

d) MANY MANY THANKS for any help, because although I am not inexperienced, I am at my wits' end right now ...

Last edited by hwvrg (25.05.2010 at 14:13)

25.05.2010, 14:03   #2
hwvrg



Code:
OTL logfile created on: 25.05.2010 14:56:02 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = B:\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 54,00% Memory free
15,00 Gb Paging File | 11,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): a:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 88,98 Gb Free Space | 29,66% Space Free | Partition Type: NTFS
Drive D: | 3,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 2,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1,91 Gb Total Space | 0,02 Gb Free Space | 1,06% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - B:\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Digsby\lib\digsby-app.exe (dotSyntax, LLC)
PRC - C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\a-squared Anti-Malware\a2start.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Klipfolio\Klipfolio.exe (Klipfolio Inc.)
PRC - C:\Program Files (x86)\Launchy\Launchy.exe ()
PRC - C:\Program Files (x86)\BumpTop\TexHelper.exe ()
PRC - C:\Program Files (x86)\BumpTop\BumpTop.exe ()
PRC - C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Users\***\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe (Camshare LC)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Java\jre1.6.0_13\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\BOINC\boincmgr.exe (Space Sciences Laboratory)
PRC - C:\Program Files (x86)\BOINC\boinctray.exe (Space Sciences Laboratory)
PRC - C:\Program Files (x86)\BOINC\boinc.exe (Space Sciences Laboratory)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.78\aaCenter.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe ()
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
PRC - C:\Users\***\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Windows\SysWOW64\LckFldService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - B:\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\a-squared Anti-Malware\a2hooks32.dll (Emsi Software GmbH)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\TeamViewer\Version5\TV.dll (TeamViewer GmbH)
MOD - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1031\GrooveIntlResource.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV:64bit: - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV:64bit: - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (PhenomMsrTweaker) -- C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe ()
SRV - (a2AntiMalware) -- C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe (SiSoftware)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (vmware-converter-server) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.)
SRV - (vmware-converter-agent) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (UpdateCenterService) -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (LckFldService) -- C:\Windows\SysWOW64\LckFldService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (e1qexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1q60x64.sys (Intel Corporation)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\DRIVERS\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\DRIVERS\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (3wareDrv) -- C:\Windows\SysNative\DRIVERS\3wareDrv.sys (AMCC)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (iANSProtocol) Intel(R) -- C:\Windows\SysNative\DRIVERS\iansw60e.sys (Intel Corporation)
DRV:64bit: - (iANSMiniport) Intel(R) -- C:\Windows\SysNative\DRIVERS\iansw60e.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (Si3114r5) -- C:\Windows\SysNative\DRIVERS\Si3114r5.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (nvamacpi) -- C:\Windows\SysNative\DRIVERS\NVAMACPI.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII) -- C:\Windows\SysNative\DRIVERS\Cinergy_HT_PCI_MKII.sys (TerraTec Electronic GmbH.)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\a-squared Anti-Malware\a2dix64.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files (x86)\a-squared Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - (a2acc) -- C:\Program Files (x86)\a-squared Anti-Malware\a2accx64.sys (Emsi Software GmbH)
DRV - (WMDrive) -- C:\Windows\SysWOW64\drivers\WMDrive.sys (WinMount International Inc)
DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\WNt500x64\sandra.sys (SiSoftware)
DRV - (AsIO) -- C:\Windows\SysWOW64\drivers\AsIO.sys ()
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - (bmdrvr) -- C:\Windows\SysWOW64\drivers\bmdrvr.sys (VMware, Inc.)
DRV - (vstor2-mntapi10) -- C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys (VMware, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVIDIA Corp.)
DRV - (NVR0FLASHDev) -- C:\Windows\nvflsh64.sys (NVidia Corp.)
DRV - (arc) -- C:\Program Files (x86)\Universal Extractor\bin\arc.exe (Arc <arc.sourceforge.net>)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 63 D1 7D A0 40 CA 01  [binary data]
IE - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.10 19:45:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.10 19:45:35 | 000,000,000 | ---D | M]
 
[2009.08.09 16:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.08.09 16:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2010.03.15 22:21:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b0ny2okp.default\extensions
[2010.03.09 23:33:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b0ny2okp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.28 12:34:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files (x86)\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files (x86)\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_13\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000..\Run: [Camfrog] C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare LLC)
O4 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000..\Run: [googletalk] C:\Users\***\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000..\Run: [Klipfolio] C:\Program Files (x86)\Klipfolio\Klipfolio.exe (Klipfolio Inc.)
O4 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKU\S-1-5-21-2307312114-1352563456-1982835415-1000..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ekiga.lnk = C:\Program Files (x86)\Ekiga\ekiga.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualBox.lnk = C:\Program Files (x86)\Sun\VirtualBox\VirtualBox.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 22:00:00 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.09.19 01:21:52 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007.09.17 20:48:04 | 000,263,744 | R--- | M] (Firaxis Games) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007.09.20 04:18:35 | 000,006,276 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\##Jserver#dvd-lw-serv\Shell\AutoRun\command - "" = Q:\setup.exe -- File not found
O33 - MountPoints2\##WIN-269D0B694Z1#Serv-DVD-LW\Shell\AutoRun\command - "" = O:\setup.exe -- File not found
O33 - MountPoints2\{458055a8-84ec-11de-a9c8-00261809f730}\Shell - "" = AutoRun
O33 - MountPoints2\{458055a8-84ec-11de-a9c8-00261809f730}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\{8deccbe9-842e-11de-91ff-00261809f730}\Shell - "" = AutoRun
O33 - MountPoints2\{8deccbe9-842e-11de-91ff-00261809f730}\Shell\AutoRun\command - "" = H:\autoplay.exe -- File not found
O33 - MountPoints2\{97d5c2f5-7987-11de-a839-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97d5c2f5-7987-11de-a839-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{97d5c2f6-7987-11de-a839-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97d5c2f6-7987-11de-a839-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2007.09.17 20:48:04 | 000,263,744 | R--- | M] (Firaxis Games)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 7 Days ==========
 
[2010.05.25 14:04:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.05.25 14:04:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.25 14:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.25 14:04:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.25 14:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.25 13:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.05.25 13:24:43 | 003,382,520 | ---- | C] (Piriform Ltd) -- B:\Desktop\ccsetup231.exe
[2010.05.25 12:18:27 | 000,571,904 | ---- | C] (OldTimer Tools) -- B:\Desktop\OTL.exe
[2010.05.25 11:32:20 | 000,000,000 | ---D | C] -- C:\a-squared
[2010.05.24 23:34:48 | 000,000,000 | ---D | C] -- B:\Desktop\SoundMAXAD1988B_Audio_V610X6320_Vista
[4 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 7 Days ==========
 
[2010.05.25 14:57:43 | 016,252,928 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.05.25 14:54:34 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{94C67342-42B0-492C-A1D1-42316589E8D0}.job
[2010.05.25 14:43:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2307312114-1352563456-1982835415-1000UA.job
[2010.05.25 14:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.25 13:56:13 | 000,000,196 | ---- | M] () -- B:\DOKUMENTE\cc_20100525_135610.reg
[2010.05.25 13:55:35 | 000,005,064 | ---- | M] () -- B:\DOKUMENTE\cc_20100525_135532.reg
[2010.05.25 13:54:18 | 000,199,692 | ---- | M] () -- B:\DOKUMENTE\cc_20100525_135203.reg
[2010.05.25 13:50:37 | 000,004,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.25 13:50:37 | 000,004,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.25 13:25:25 | 000,001,635 | ---- | M] () -- B:\Desktop\CCleaner.lnk
[2010.05.25 13:24:47 | 003,382,520 | ---- | M] (Piriform Ltd) -- B:\Desktop\ccsetup231.exe
[2010.05.25 12:21:28 | 000,293,376 | ---- | M] () -- B:\Desktop\5wchcrzx.exe
[2010.05.25 12:18:39 | 000,571,904 | ---- | M] (OldTimer Tools) -- B:\Desktop\OTL.exe
[2010.05.25 11:47:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.25 11:47:56 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010.05.25 11:47:55 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2010.05.25 11:47:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.25 11:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.25 11:45:06 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{d88e1e94-d7e0-11de-be07-00190e018bda}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 11:45:06 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{d88e1e94-d7e0-11de-be07-00190e018bda}.TM.blf
[2010.05.25 11:44:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.25 11:44:44 | 003,885,737 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.05.24 23:34:27 | 000,523,724 | ---- | M] () -- B:\Desktop\Ethik+Mappe.jpg
[2010.05.24 23:34:08 | 020,986,193 | ---- | M] () -- B:\Desktop\SoundMAXAD1988B_Audio_V610X6320_Vista.zip
[2010.05.24 22:25:31 | 006,042,112 | ---- | M] () -- B:\Desktop\httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi
[2010.05.24 22:17:19 | 000,001,364 | ---- | M] () -- B:\Desktop\Unbenannt 2.html
[2010.05.24 10:43:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2307312114-1352563456-1982835415-1000Core.job
[2010.05.24 02:28:43 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010.05.22 17:16:54 | 106,691,382 | ---- | M] () -- B:\Desktop\Hunt_1.2.exe
[2010.05.20 15:25:49 | 000,015,629 | ---- | M] () -- B:\Desktop\Abreißzettel.odt
[2010.05.18 21:53:04 | 000,025,600 | ---- | M] () -- B:\Desktop\kdv_antrag_komplett.doc
[2010.05.18 21:51:52 | 000,001,724 | -H-- | M] () -- B:\DOKUMENTE\Default.rdp
[4 C:\Users\***\AppData\Local\*.tmp files -> C:\Users\***\AppData\Local\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.25 13:56:11 | 000,000,196 | ---- | C] () -- B:\DOKUMENTE\cc_20100525_135610.reg
[2010.05.25 13:55:33 | 000,005,064 | ---- | C] () -- B:\DOKUMENTE\cc_20100525_135532.reg
[2010.05.25 13:52:07 | 000,199,692 | ---- | C] () -- B:\DOKUMENTE\cc_20100525_135203.reg
[2010.05.25 13:25:25 | 000,001,635 | ---- | C] () -- B:\Desktop\CCleaner.lnk
[2010.05.25 12:21:17 | 000,293,376 | ---- | C] () -- B:\Desktop\5wchcrzx.exe
[2010.05.24 23:33:54 | 020,986,193 | ---- | C] () -- B:\Desktop\SoundMAXAD1988B_Audio_V610X6320_Vista.zip
[2010.05.24 22:25:27 | 006,042,112 | ---- | C] () -- B:\Desktop\httpd-2.2.15-win32-x86-openssl-0.9.8m-r2.msi
[2010.05.24 22:14:08 | 000,001,364 | ---- | C] () -- B:\Desktop\Unbenannt 2.html
[2010.05.24 16:12:52 | 000,523,724 | ---- | C] () -- B:\Desktop\Ethik+Mappe.jpg
[2010.05.22 17:10:43 | 106,691,382 | ---- | C] () -- B:\Desktop\Hunt_1.2.exe
[2010.05.20 15:04:15 | 000,015,629 | ---- | C] () -- B:\Desktop\Abreißzettel.odt
[2010.05.18 21:52:56 | 000,025,600 | ---- | C] () -- B:\Desktop\kdv_antrag_komplett.doc
[2010.04.09 01:28:23 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.12.15 22:06:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2009.12.15 22:06:04 | 000,002,412 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2009.11.04 18:58:41 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\avformat-50.dll
[2009.11.04 18:58:41 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\avutil-49.dll
[2009.11.04 18:58:40 | 001,984,512 | ---- | C] () -- C:\Windows\SysWow64\avcodec-51.dll
[2009.08.26 19:18:28 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2009.08.15 08:25:43 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.08.13 20:49:01 | 001,448,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.31 03:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009.07.26 21:23:14 | 000,029,639 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.26 06:56:21 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.07.26 06:56:21 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.07.26 06:55:48 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009.07.26 06:55:48 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009.07.26 06:55:12 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.07.26 06:41:34 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2009.07.26 06:41:34 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2009.07.26 06:41:34 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2009.07.26 06:39:15 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009.07.26 05:49:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.26 05:49:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.26 04:50:59 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2004.12.14 13:04:48 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2004.12.14 13:02:49 | 001,175,552 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
 
========== LOP Check ==========
 
[2010.01.30 11:34:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2009.09.06 22:26:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ascaron Entertainment
[2010.01.07 04:39:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2009.08.27 22:38:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2010.05.03 21:51:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bump Technologies, Inc
[2010.04.16 05:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Camfrog
[2009.07.31 01:16:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CometNetwork
[2009.08.15 08:00:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2009.08.15 08:09:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2010.05.25 11:53:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2009.08.19 03:11:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\flightgear.org
[2009.08.30 03:52:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2010.04.30 03:24:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FrostWire
[2010.02.06 21:31:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2009.12.27 21:14:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.03.23 19:24:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2010.05.25 13:54:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Klipfolio
[2009.08.20 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kompozer.net
[2010.04.09 00:27:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Launchy
[2009.12.13 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2009.08.19 19:19:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mount&Blade
[2010.04.26 23:12:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mount&Blade Warband
[2009.08.22 13:02:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.08.08 19:18:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2009.07.26 06:39:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Shark007
[2009.08.09 16:43:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2
[2009.11.28 01:03:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.04.11 05:44:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2009.09.10 20:18:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2009.08.09 15:28:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2009.07.26 21:25:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TMP
[2009.09.20 20:17:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit
[2009.08.15 08:25:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ubi.com
[2009.09.05 23:53:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2010.04.30 03:18:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.03.10 03:20:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
[2010.05.25 11:47:55 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job
[2010.05.25 11:47:56 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010.05.25 11:44:59 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.05.24 02:28:43 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2010.05.25 14:54:34 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{94C67342-42B0-492C-A1D1-42316589E8D0}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:3AEA6AF9
< End of report >
         


Alt 25.05.2010, 14:05   #3
hwvrg
 



Code:
OTL Extras logfile created on: 25.05.2010 14:56:02 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = B:\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 54,00% Memory free
15,00 Gb Paging File | 11,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): a:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,00 Gb Total Space | 88,98 Gb Free Space | 29,66% Space Free | Partition Type: NTFS
Drive D: | 3,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 2,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1,91 Gb Total Space | 0,02 Gb Free Space | 1,06% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2307312114-1352563456-1982835415-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 41 66 12 C3 A1 0D CA 01  [binary data]
"VistaSp2" = 4A 38 95 2E A7 0D CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C59998-53F2-474E-ACE3-C087ECFF3936}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0A8A10AC-A461-458F-8703-9B45A02B1C50}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1a\rpcagentsrv.exe | 
"{0C7E343E-5EB4-46B5-939E-901D675502C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C8C962F-94F4-45EF-97AF-0344EB9B07B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{13A5EF90-DCE2-4F21-9C2C-BEACB9E1E402}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2E65F4F1-2A75-4CFE-9CF6-A44C44856077}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3C8CA214-8079-4DD6-BBCD-9A4F8A5953C9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3DDBE535-DB09-413D-A121-A7BC20D784B2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{40C0F4C4-6280-4A2B-A972-0C7AAFE0366F}" = lport=443 | protocol=6 | dir=in | name=bt1 | 
"{42CEA9AE-EFAA-4E5C-8916-093C406F8A94}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1a\wnt500x64\rpcsandrasrv.exe | 
"{4306A1F7-5FBF-44AE-B883-EF191A290E12}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44DF8513-6E23-48C0-BF64-F190F71C1DEB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{46FB1A39-576E-453C-A502-83CE018AD1E4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{53F9E214-3F68-4450-B166-BAE06F610A43}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{57273839-58F4-4975-9427-025B8FA117E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5C8FCFA0-357B-472F-BE81-B8BB689CBC77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{76BCB8FE-3B84-4A55-BAF7-35AD8FD90C7A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{800661AB-7C99-4719-B972-555035B92F77}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1a\wnt500x64\rpcsandrasrv.exe | 
"{811F0A27-EEB9-4882-9A24-FA6169D77409}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{85CA9FD8-BC23-467A-B088-033DD7DB6EE7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89720CD0-8773-4B73-ACF1-38CEE7D30498}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8CAAF55E-BF9F-41BB-9107-BA6D05EC913D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{903A5F75-F0DF-4A02-AB45-D362C37F95EC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{942AB8F9-01FF-4C3C-BF68-EFDCB91B1B27}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1a\wnt500x64\rpcsandrasrv.exe | 
"{9A713BA3-F9B7-41AD-96AE-96A7B7F40128}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A2303AD2-CCC0-4764-B969-E9C3FA576D75}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B1DE56DD-27D8-4E20-9E16-1C067EFF63F7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA2F68BE-49A0-420E-8075-7FE69A4061AF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C80B3C76-0A06-413E-A7CC-BF82A8B23EA1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D13BBC6D-02A0-457F-8E5A-4AAFB160B30E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D9E54A59-7D19-476E-BF77-F21AF171CA01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DEC5B4D9-71A0-4A99-A4FC-4FB0F67A10CC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E6A04AA5-0743-4216-86DC-5B5CFD5F3CFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F24F9AA0-389E-4125-9D78-3B54B2AB3B9F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FE7AEF72-D2F1-45B4-B230-6F589E7323D4}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00990141-B377-48BD-BC0F-ABACEFEC1760}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{019BFB12-E67D-4389-AC16-60E8188ECD94}" = protocol=17 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | 
"{0452154B-2646-4724-85BD-00F8D19AF385}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe | 
"{049C2ECD-1EBD-46FE-849A-84830BF16F35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\age of chivalry\hl2.exe | 
"{0662D958-70F9-42CD-A586-CABD1912A5C9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{06D14C46-BB94-40EF-AC81-4EA5852D3066}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{077196CD-921A-4076-8264-701BF9EC4D1D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0A657CE0-C943-4B44-84AB-B4F4CF9E32CC}" = protocol=6 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen2\vogel.fahrenlernenmax.exe | 
"{0B027310-A275-4277-8D58-2A17ADF38814}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{0CB43FA2-F95A-4BF5-BDF6-5C06DC45C13D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron warriors\start.bat | 
"{0CE552CA-3047-4C57-A883-A925E524C65A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0EE09655-4E3D-4EB0-B923-1FE6A41CB014}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1a\wnt500x64\rpcsandrasrv.exe | 
"{10A62851-F00D-4F05-A73E-6621F78BD0D0}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{13BA9533-8BB7-4CC1-9F02-C391F4675022}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{147B2398-4F9D-4B93-BF7D-B7B5979D6DAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1501C62E-1453-4AAF-9ABC-10FB9D512EF0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{150D4F5A-4A4F-4BF6-BE77-C0B3289C5FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\port royale 2\pr2.exe | 
"{16197CDC-0054-4960-BBE1-2B729A25D451}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\help.htm | 
"{17951C0E-81FC-4FD8-BB71-234C1CF16B42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron warriors\builded.bat | 
"{18A0D046-2821-441C-A1D7-46573A10018E}" = protocol=17 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen2\vogel.fahrenlernenmax.exe | 
"{19143B9F-224B-4E70-8125-FE6490655F88}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{1A88D03F-69AC-4108-8D61-515AB771F7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\zombie panic! source\hl2.exe | 
"{1ACC3AA2-BFE4-4543-A9AA-9AFAD8B47CF6}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1BC722C0-BC21-47D2-8960-4E77D171EB35}" = protocol=17 | dir=in | app=c:\users\***\games\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{1C0174AA-280E-42AF-A446-E990E55AFC7C}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{20184EC7-FF35-41DB-A623-62679EECA78B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{21A723D7-7C27-4D94-80B9-0284884A1DAF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{276E1141-DA8C-4CBE-AE87-0775E7378FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit clipinc\player\clipinc-player.exe | 
"{279EF180-970C-4AED-9465-46B434C0F9E7}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{28DD8BDA-FBF8-4A0C-8DA2-E29B82A93C6C}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{29BDAFF9-298F-4850-9521-942E1EA8C942}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A4BA1DE-667B-4E3D-A426-5D6DA76F79D6}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{2B070420-C27B-440D-82F1-3BEE17361C19}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{2B5CA69E-D31C-4497-8E22-E5CB7467DC1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2CD6C75F-A290-49B6-A1C1-393A557D95CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{331E0420-5176-4D00-9140-1920B44B304B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\port royale 2\pr2.exe | 
"{34AF93C6-95D9-4D87-8CF0-0174F3869610}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{3524F87A-1A32-4A7C-B1B2-2AEB0EB8F052}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{37B45397-A3A9-4E2E-A95D-E0A2F3AD7F4F}" = protocol=17 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | 
"{37EE552E-0363-4CEC-AAA3-A1289DF1C52D}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{3894EE71-E736-4D8B-9EC6-C5C7FB74E527}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{39CD5FB8-6037-4CBF-8957-0F03C09B88BB}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{3B6D4AD2-87A0-4DB7-B2A1-7BD613FBD34C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{3D831338-6470-42C1-B47C-007BE02E61E4}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{3E809602-B872-4904-81B8-FB03DEDACAD4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3F0389F1-1CC4-4DFD-A85B-F6BD16D20A1E}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{3FA917C4-1D5B-4CD3-B1B9-87969072D797}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\bgtrans.exe | 
"{3FCC5189-00B4-4B27-B3A3-0074BD15824C}" = protocol=6 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | 
"{42F4270A-5C15-4904-8E34-0F5800F0BA77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{45005C3C-A6B9-4FAC-8354-D6EBB67A983F}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"{466D533C-5F8A-4CB8-8267-917C8D508CD9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron warriors\start.bat | 
"{46C5FBE7-B46B-4C8E-BFA7-94D66EC1DC51}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{470B42E6-CEA4-45FB-B396-F3F15723805F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{47809568-EF1C-41E7-829A-FAEE9B72E484}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserverwatchdog.exe | 
"{4F1D4C19-957A-4CDA-AB46-8252763C8DF2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{5080F2EF-F53E-44F7-8089-5A675062A1FF}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{55065B29-2B67-4B13-B232-6B6D85A2D0F9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1a\rpcagentsrv.exe | 
"{56BE0326-8439-41DE-AA84-466B0C191B35}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{56EE0BDD-AD2B-41CB-AD4C-0B21B84E0EEE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{57814944-7DD4-4299-BF2E-63E1E505D1AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{622A75E8-5FF1-416E-A7E2-91D82385D06B}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{634756B5-DF91-40A5-BB6E-0CE995FDB933}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{66E07EC6-65EC-44A6-A2E4-794FA70157DF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{6869A8EB-BE18-41F2-85D1-D748C04072B1}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{68CB3DDB-D854-45DB-85B7-F5585B721036}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe | 
"{6CB61BB9-E526-41BA-9F56-4520629F23C8}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{6E952965-93E4-4D91-9FF8-B7F8D880E23C}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit clipinc\server\clipinc-server.exe | 
"{6F652A1D-1298-4AA4-AAF0-1C4308B6E463}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{7D86A55C-8A55-4BB3-801E-2A1015D523BF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{7E0A4204-1354-483F-9240-6C3BD94203EC}" = protocol=6 | dir=in | app=c:\users\***\games\tom clancy's h.a.w.x\hawx_dx10.exe | 
"{81379CDC-EDED-42FE-B22E-9D482B3C2111}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{84AF93E7-AC6C-44D8-B2D0-B750CBE767BD}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{86A62ABD-FE5B-45C8-843A-0680B29ACFC7}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1a\wnt500x64\rpcsandrasrv.exe | 
"{88CFF7D9-609D-4F99-A79E-02B5A0DE0227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\zombie panic! source\hl2.exe | 
"{8A2556BE-F9ED-470A-9B35-E5654C591652}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{8D9ACFE3-0946-4CD2-9980-71254C8F998D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\iron warriors\builded.bat | 
"{8DDA9061-E8C7-41A2-AB08-DAA332BEA296}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe | 
"{8F7BC4FD-DC9C-4E94-89A0-2A52F0FF34FC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe | 
"{9273F076-834C-4FC5-B7ED-51B16AAF2DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 
"{95296BAD-F247-4D97-ABDD-598393B41B02}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{9B19A7A2-9CC5-4F6E-950F-EFB0D6913DAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E656F8C-E6F9-4C2F-8F33-A9C4379308EE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A03EC97F-D20C-4A39-B0E5-1567FA142C6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1CB7B92-3221-4FFE-9605-6171BC5B2B8F}" = protocol=17 | dir=in | app=c:\users\***\games\tom clancy's h.a.w.x\hawx.exe | 
"{A2DF7943-929E-4775-95F4-440205934516}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe | 
"{A3D3E389-315D-4686-844F-13B2AAC65756}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{A5F34C9A-FB06-446D-8564-D05EC4FECB07}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{A7696F82-2D89-47DD-9DCD-C2D21F7C87D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A9576643-E768-4676-9036-533D8434830E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\port royale 2\pr2config.exe | 
"{A9D17493-31FB-41F8-A8D8-E2D66B1E27FE}" = protocol=6 | dir=out | app=system | 
"{A9FACB98-4D39-484F-A042-47D76D4C43DA}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{ACC06DB1-D392-4575-8E7C-77A0773EBED6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE01DA16-3AA7-4497-8A00-CD27655EC60A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B03CA894-EB3A-4C7E-A390-4B448C5E238F}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{B412CC3A-6142-418F-96D2-1C1336598221}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BC33F4AB-5999-4F75-B136-D3A3F0A93518}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{BCC8B42E-F632-47AD-A030-E2E18094F743}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BE4C05F3-C26A-4847-9F5E-069F835FD2D9}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\bgtrans.exe | 
"{BEAA9C95-A550-4952-8935-EE249FD55B2F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\port royale 2\pr2config.exe | 
"{BFCBF0D3-874F-4FB8-BF51-5BEEDC49A6BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C02818AF-395A-4192-8BCA-D0BA08BDEC5A}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp1a\wnt500x64\rpcsandrasrv.exe | 
"{C06B452E-3C71-48D5-828C-0DB3969F46AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{C1DE9DD9-0FD1-4C4F-90DC-10E3F61B7995}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C5C61A43-1B45-4400-9E2A-CA8F5B2A2E51}" = protocol=6 | dir=in | app=c:\users\***\games\tom clancy's h.a.w.x\hawx.exe | 
"{C933693B-8B6D-4B5A-8133-04CB9E0999F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA35FFFC-D2A3-4D05-8BA8-3972C2AF10F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D2199FA1-4B99-424A-BE32-1AE855E3BFE2}" = protocol=6 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | 
"{D358131A-844B-4E1F-81F5-317950C5CF35}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{D6902E9E-D6C7-40B4-A2AD-E2CD17C55415}" = protocol=6 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen2\vogel.fahrenlernenmax.exe | 
"{D8F715EC-78AC-4119-8729-D9B4F7B33210}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D9299961-897B-48E8-A53E-515C6F24EEC9}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"{DB963069-090A-4142-871E-4ADAE01199B3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{DBB1FDBF-B53F-4DD7-B692-7E4600D843C5}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit clipinc\player\clipinc-player.exe | 
"{DBD1EB5A-8EB5-4580-B884-FD707CC4228A}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe | 
"{DD0B16C0-8325-498D-B23F-60C349F5D20A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\help.htm | 
"{DF069BB0-947A-4A1A-9064-23819FE60F54}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{E01FA031-8828-438E-B1D2-CFF7E173B0C3}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe | 
"{E0D312EF-B020-49C3-B2CE-196D6CF1FB99}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\mediamanager\twonkymediamanager.exe | 
"{E10D22F2-BF8E-4C4C-9113-2454ECFC6EBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{E4AC69FA-0DE9-4639-9F0C-9556759076D8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E5D8BCD9-BD9A-4BF8-AB45-993EBA298EC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\age of chivalry\hl2.exe | 
"{E8113BC1-543D-4E98-9C78-3DF6D94F9139}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{E829BC1F-E092-4901-9397-3A660409F2EB}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{E99C2871-E7E8-4938-AD7A-3FA2A263488E}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"{EE448C01-7404-4A6D-8304-07B831F1959C}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit clipinc\server\clipinc-server.exe | 
"{F70F5EF0-7D40-46BC-8D3E-F2FDC81737EA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FD3A74B4-9A6A-4499-B7CE-F73C33BC1712}" = protocol=17 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen2\vogel.fahrenlernenmax.exe | 
"TCP Query User{0D9E5B43-CF48-4D1B-A3F0-62B490BC52A2}C:\program files (x86)\ekiga\ekiga.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe | 
"TCP Query User{106DDDEC-6659-43C0-92E2-E70A2518DC99}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"TCP Query User{13C26ACD-681E-4FF2-B2AE-92563A0FEE21}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{15BE5084-1BDB-4642-91B2-F5099BCF7A95}C:\program files (x86)\asus\asusupdate\update.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\asusupdate\update.exe | 
"TCP Query User{1C377C22-A34B-4038-8F04-C051952D01B5}C:\program files (x86)\steam\steamapps\xyzjc\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\insurgency\hl2.exe | 
"TCP Query User{449D49E3-9362-49EE-9FE0-1DD7D74819A7}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{4862A3C9-E007-4D39-929C-DBD74DF1C48D}C:\program files (x86)\steam\steamapps\xyzjc\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\zombie panic! source\hl2.exe | 
"TCP Query User{4B610610-4210-4D82-9F50-0DC34750A843}C:\program files (x86)\steam\steamapps\xyzjc\diprip warm up\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\diprip warm up\hl2.exe | 
"TCP Query User{4C020731-8E12-4AF9-968B-70122DAA9E59}C:\users\***\desktop\panzers - phase1\run\panzers.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\panzers - phase1\run\panzers.exe | 
"TCP Query User{4F1E769F-317C-4E58-B2C3-8974CE5D3801}C:\program files (x86)\steam\steamapps\xyzjc\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\team fortress 2\hl2.exe | 
"TCP Query User{518C0553-8B83-4B80-A414-8354FF51F4A3}C:\program files (x86)\vogel verlag\fahren lernen2\vogel.fahrenlernenmax.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen2\vogel.fahrenlernenmax.exe | 
"TCP Query User{64451885-C028-46F2-9977-A21B7A911E68}C:\program files (x86)\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"TCP Query User{66A4FFC1-52CC-409C-939D-6E509A7C7718}C:\program files (x86)\steam\steamapps\xyzjc\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\day of defeat source\hl2.exe | 
"TCP Query User{6804CF1C-665A-4A98-9B3A-162DC1491D51}C:\program files (x86)\opera 10 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera 10 beta\opera.exe | 
"TCP Query User{705FE2E0-FF0C-4023-B0E5-EABF39EE4AAD}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{87EE7DF8-E610-4764-9085-B9EE3E8FF6CC}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | 
"TCP Query User{8A834DC5-68D6-4369-BF15-9B249453487F}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{8F096BBE-DC02-4AAA-A427-15B02C7DDD34}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
"TCP Query User{9E0A7B11-431A-41B8-B220-11727FA6DDF3}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{9FF1FDFB-AD66-4750-83C0-C7BCDCF87851}C:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"TCP Query User{A4F86D0C-A3C3-4F0B-9628-F3662D470FB9}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"TCP Query User{AEB7D9BD-1562-429F-8AEB-D5A56299FE55}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"TCP Query User{B1892377-120E-4305-ACDE-DA95D78302AB}C:\program files (x86)\steam\steamapps\xyzjc\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\insurgency\hl2.exe | 
"TCP Query User{B6B0B566-876F-485E-BF65-0B3F0BA93E99}C:\program files (x86)\ekiga\ekiga.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe | 
"TCP Query User{C30CD2FB-BA28-4AD9-BCDF-0E2A24B526CC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{CAF073C4-231F-44AF-9E49-ED2DD6E30C7C}C:\program files (x86)\steam\steamapps\xyzjc\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\day of defeat source\hl2.exe | 
"TCP Query User{DDE5B905-DD3B-47F4-9F7F-D57CC3D5ED64}C:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"TCP Query User{E2050359-DF22-4CFC-B8E5-CE9519715449}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{EDA267FB-68AA-4123-9758-3EA7B5888C3D}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"TCP Query User{F863B03F-16F2-4C2A-B908-DA51F7DF14AD}C:\program files (x86)\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"TCP Query User{FF59F375-EFDD-4D0F-B322-571FCA6FE02C}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{03006B00-C586-492F-875D-C779D8D729E8}C:\program files (x86)\steam\steamapps\xyzjc\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\zombie panic! source\hl2.exe | 
"UDP Query User{1236E901-8730-4E8B-ABFF-21B948130B43}C:\program files (x86)\steam\steamapps\xyzjc\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\day of defeat source\hl2.exe | 
"UDP Query User{13B385CD-A537-45F9-B19D-E9CC660DB978}C:\program files (x86)\opera 10 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera 10 beta\opera.exe | 
"UDP Query User{212069E4-C21C-40A1-9233-74037E324CE9}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{26386743-662C-4B49-A185-8C97AF8DB17E}C:\program files (x86)\steam\steamapps\xyzjc\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\team fortress 2\hl2.exe | 
"UDP Query User{2D7FEECE-75EB-42C8-B632-BEF058AFF283}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{3536F5EF-2534-4905-A1FE-458B76D12F49}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{3D8E4036-2803-49E0-9128-ADBF9D882726}C:\program files (x86)\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"UDP Query User{4A62B2B3-1FBB-4C13-828F-03918CE885A0}C:\program files (x86)\steam\steamapps\xyzjc\diprip warm up\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\diprip warm up\hl2.exe | 
"UDP Query User{4D80949E-912B-4476-B93C-B951F8EC401C}C:\program files (x86)\ekiga\ekiga.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe | 
"UDP Query User{4F577EEC-EFC9-4FF4-8014-33EF5669A844}C:\program files (x86)\steam\steamapps\xyzjc\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\insurgency\hl2.exe | 
"UDP Query User{5132E195-2D55-40DC-B97D-2829D9004FC2}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | 
"UDP Query User{60D00FA1-EC19-4057-9C07-90FAAB39B8DB}C:\program files (x86)\steam\steamapps\xyzjc\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\insurgency\hl2.exe | 
"UDP Query User{6520841A-A3FF-4982-8411-5C1415660FFD}C:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"UDP Query User{6732A2FB-ACD0-4904-A39B-C36E4C81A4C8}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
"UDP Query User{85F4DE1B-7C3B-4D93-B965-9D0994D39AA2}C:\program files (x86)\steam\steamapps\xyzjc\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xyzjc\day of defeat source\hl2.exe | 
"UDP Query User{8FE7221E-B4DC-41CB-935C-B7CB7895C35C}C:\program files (x86)\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"UDP Query User{94C9ED4E-593C-4898-BD19-5DAC94528416}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{AA0EC3F1-C89A-4847-AF19-7A662174C449}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{AC6944EA-4582-4D86-8037-E4FDE2FA7A9E}C:\program files (x86)\asus\asusupdate\update.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\asusupdate\update.exe | 
"UDP Query User{B1619C2F-614E-43C9-A464-DE93619015A5}C:\program files (x86)\vogel verlag\fahren lernen2\vogel.fahrenlernenmax.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen2\vogel.fahrenlernenmax.exe | 
"UDP Query User{B997CB8B-F9FC-4174-8B2D-D131C9601AC9}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{C2339C8B-8089-4F68-A795-D897FC53E774}C:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"UDP Query User{C551D4AA-F9F0-40B9-9F31-54BEE96CF3B1}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | 
"UDP Query User{C8FE2E7F-C597-48C0-BE86-D1C5CF47DBE6}C:\users\***\desktop\panzers - phase1\run\panzers.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\panzers - phase1\run\panzers.exe | 
"UDP Query User{D772330F-67C3-4811-A540-AA4AF5BF5F1E}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"UDP Query User{D919BDC7-424F-4C0B-BCDD-38B46DBAE797}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"UDP Query User{DB705D77-63B4-4FC0-BD6E-E10873F5710B}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{EFCA7AF5-CFE1-44D8-BDA3-4AEFE2437B6E}C:\program files (x86)\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | 
"UDP Query User{F5662A02-FC91-468C-9AEC-FB02661DE886}C:\program files (x86)\ekiga\ekiga.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ekiga\ekiga.exe | 
"UDP Query User{F7A4445E-BC3D-4615-9A0F-2A2DB304A56B}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{20140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 (Beta)
"{20140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 (Beta)
"{20140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 (Beta)
"{20140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{20140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 (Beta)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{591362D4-590B-457E-9BA3-F4D9508B88BA}" = MobileMe Control Panel
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F487FBB-72CA-4A33-94C4-5C4665389A29}" = Sun VirtualBox
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B98B39F6-73DE-42CF-BDD1-EFD8AE05EE03}" = PhenomMsrTweaker
"{BBB7AEE0-AE78-44CC-8CD4-083B0B99EA80}" = Intel(R) Network Connections 14.5.1.0
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010c
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EFF55B46-106F-4151-A0BB-E327F8844FD3}" = HP Officejet Pro L7400 Series
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"81C0ABFF9D06AE576F4478CBBC9E09A4182CA055" = Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417)
"9B6E1B32AB2A7ACD8CF2E211AF0D7F68E9578FC0" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.82.16930 64-bit
"PROSetDX" = Intel(R) Network Connections 14.5.1.0
"TeraCopy_is1" = TeraCopy 2.12
"WinMount3_is1" = WinMount V3.2.1117
"WinRAR archiver" = WinRAR
"x64 Components_is1" = x64 Components v2.0.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{040A6E85-C23F-4A23-ADBB-821C60C5DF0F}_is1" = Fahren Lernen 1.1
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0E3B4867-158F-4AE9-AADA-C2F3B5C1178C}" = BOINC
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1ce31813-8fa8-4e24-8411-f985c03a6658}" = Nero 9 Essentials
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{31228E31-2BFF-11D2-8866-00805F0D9D40}" = QPST
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{49E5F021-4DA5-41A3-A893-0A9564D30264}" = Jing
"{4B296228-DF7C-43EA-8DED-76027355B219}" = Opera 10.01
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67421967-2CF9-4465-968D-D4E2ABB16A65}" = EasyMPEG MX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.6
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2.2
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.03.10
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE7CB755-7C0B-4D11-8E5D-D6B6C1090A7B}" = Victoria
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5344219-9988-480B-8D1F-EFAB0EEF3F3C}" = VMware vCenter Converter Standalone
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AMDAway INF" = AMDAway INF
"Anno 1404 Bonus_is1" = Anno 1404 Bonus
"Anti-Twin 2009-10-22 11.42.04" = Anti-Twin (Installation 22.10.2009)
"AoA MP4 Converter_is1" = AoA MP4 Converter
"a-squared Anti-Malware_is1" = a-squared Anti-Malware 4.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"Camfrog 5.5" = Camfrog Video Chat 5.5
"CCleaner" = CCleaner
"Cinergy HTC USB XS" = Cinergy HTC USB XS V5.09.0813.00
"Civ Players OOS Patch_is1" = CivPlayers OOS Patch 1.0
"CometBird (3.6.2)" = CometBird (3.6.2)
"Company of Heroes" = Company of Heroes
"Console Calculator" = Console Calculator 2.4.5
"DHL Verkaufsmanager_is1" = Supreme Auction
"Digital Video Repair" = Digital Video Repair 1.0
"Digsby" = Digsby
"DirectFoldersAppID_is1" = Direct Folders
"Drakensang_is1" = Drakensang
"eMule" = eMule
"EVE" = EVE Online (remove only)
"Everything" = Everything 1.2.1.371
"Fahren Lernen_is1" = Fahren Lernen 1.1
"FlightGear_is1" = FlightGear v1.9.1
"Folder Access 2.0.0 Free Version" = Folder Access 2.0.0 Free Version
"foobar2000" = foobar2000 v0.9.6.9
"FormatFactory" = FormatFactory 2.20
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FrostWire" = FrostWire 4.20.3
"Glary Utilities_is1" = Glary Utilities 2.21.0.863
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Hamachi" = Hamachi 1.0.3.0
"Heir to the Throne_is1" = Heir to the Throne
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.47
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"Klipfolio" = Klipfolio (remove only)
"Launchy_21344213_is1" = Launchy 2.5
"LimeWire" = LimeWire 5.5.8
"Lock On 1.1" = Lock On 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus! Live" = Messenger Plus! Live
"Miranda IM" = Miranda IM 0.8.10
"Monkey's Audio_is1" = Monkey's Audio
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"NetSetMan 2_is1" = NetSetMan 2.6.2
"Notepad++" = Notepad++
"ObjectDock" = ObjectDock
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.82.16930 32-bit
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"RealVNC_is1" = VNC Free Edition 4.1.3
"Smart Defrag_is1" = Smart Defrag
"Songbird-release-1146" = Songbird 1.2.0 (Build 1146)
"Speccy" = Speccy
"Steam App 12470" = Port Royale 2
"Steam App 12910" = Audiosurf Demo
"Steam App 1670" = Iron Warriors
"Steam App 17500" = Zombie Panic! Source
"Steam App 17510" = Age of Chivalry
"Steam App 17530" = D.I.P.R.I.P. Warm Up
"Steam App 17700" = Insurgency: Modern Infantry Combat
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 300" = Day of Defeat: Source
"Steam App 440" = Team Fortress 2
"Steam App 4560" = Company of Heroes
"Steam App 48700" = Mount and Blade: Warband
"Swiff Player_is1" = Swiff Player 1.5
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.6
"uTorrent" = µTorrent
"Victoria Revolutions Patch 060822_is1" = Victoria Revolutions 1.0
"Victoria Revolutions_is1" = Victoria Revolutions 1.0
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 4.91
"XnView_is1" = XnView 1.97.2
"XviD" = XviD MPEG-4 Codec
"Yahoo! Messenger" = Yahoo! Messenger
"Zattoo4" = Zattoo4 4.0.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2307312114-1352563456-1982835415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"XBMC" = XBMC
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.05.2010 17:20:18 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm QuickTimePlayer.exe, Version 7.66.71.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 22e4  Anfangszeit: 01cafb86d3c5b760  Zeitpunkt
 der Beendigung: 8
 
Error - 25.05.2010 05:32:33 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung pdf24.exe, Version 2.6.3.0, Zeitstempel 0x4b275000,
 fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e038c0,
 Ausnahmecode 0xe06d7363, Fehleroffset 0x0001e124,  Prozess-ID 0x1248, Anwendungsstartzeit
 01cafbed2a6f213a.
 
Error - 25.05.2010 05:32:50 | Computer Name = ***-PC | Source = BOINC | ID = 1
Description = 
 
Error - 25.05.2010 05:40:11 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.05.2010 05:40:11 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.05.2010 05:41:53 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 25.05.2010 05:44:54 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung a2service.exe, Version 5.0.0.36, Zeitstempel
 0x4bece1d7, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc00000fd, Fehleroffset 0x77826c64,  Prozess-ID 0x9c8, Anwendungsstartzeit
 01cafbecd3c0a39a.
 
Error - 25.05.2010 05:52:39 | Computer Name = ***-PC | Source = BOINC | ID = 1
Description = 
 
Error - 25.05.2010 05:59:14 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.05.2010 05:59:14 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 25.05.2010 05:44:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.05.2010 05:48:47 | Computer Name = ***-PC | Source = nvrd64 | ID = 262155
Description = 
 
Error - 25.05.2010 05:51:45 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.05.2010 05:51:45 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.05.2010 05:56:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.05.2010 05:56:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.05.2010 06:02:51 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.05.2010 06:22:08 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.05.2010 06:43:45 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 25.05.2010 07:51:37 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         