
Log Analysis and Evaluation: Windows Explorer keeps crashing

16.11.2010, 01:51   #1
Donald83

My Windows Explorer keeps crashing. After it has been restarted, it crashes again. I noticed that this only happens when I am on the desktop. Otherwise the Explorer works fine. Anti-Malware and AntiVir found nothing. I have also updated Windows.

Here is a HiJack log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40:50, on 16.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software GmbH - C:\Windows\System32\TUProgSt.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
--
End of file - 6479 bytes
         
For information: apparently the Explorer, or any program, hangs when it comes into contact with mp4 files. With Unlock I can delete the affected files. They do not seem to be infected, though. It also happens when I turn on Data Execution Prevention.
The system is now reasonably stable, but it still happens that my Windows Explorer hangs.

16.11.2010, 22:49   #2
cosinus

Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those too!

Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

17.11.2010, 08:11   #3
Donald83

Including the current malware scan, I have three scans

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5129

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

17.11.2010 02:09:53
mbam-log-2010-11-17 (02-09-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 308491
Laufzeit: 1 Stunde(n), 42 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5129

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

17.11.2010 02:09:53
mbam-log-2010-11-17 (02-09-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 308491
Laufzeit: 1 Stunde(n), 42 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4705

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

29.10.2010 10:03:48
mbam-log-2010-10-29 (10-03-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142027
Laufzeit: 7 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

And here are the two OTL scans:


Code:
OTL Extras logfile created on: 17.11.2010 08:00:01 - Run 3
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\*****\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,17 Gb Total Space | 58,14 Gb Free Space | 26,29% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 30,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
Drive F: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 1397,26 Gb Total Space | 595,41 Gb Free Space | 42,61% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EE9235-A150-4C48-A164-D96B2F99AFB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{066D68DE-63AF-43A9-9012-9FEF7D48F5E3}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{0A703FF0-EFBB-4968-A2C9-C493CBE64386}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher | 
"{0C95C3C9-0CFB-4159-A246-C8688714ED7A}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{140689CA-D425-4CE6-967B-058BA9C1CF53}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher | 
"{1497D9C3-3E35-4C3C-9EDC-BE7B7DC3854D}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{190466B0-5961-4BAC-BB81-7EB15C82B4CE}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | 
"{1A67A59B-E3ED-4473-885D-BBDBF7120E2A}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{1BBD4526-1E38-472E-9A0A-712C5279E99C}" = lport=6912 | protocol=17 | dir=in | name=league of legends launcher | 
"{1CC74DCB-51A2-444A-9E5B-FE4FAC925AC2}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | 
"{20F9B4B5-7759-4A5B-BA2F-B527650A64CC}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher | 
"{22FE3D0A-B97C-4066-A25E-15F06353160D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2448302D-E526-409C-B8BE-BD3525E5113E}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{25B61A8C-5486-40B1-921E-378312EB772E}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher | 
"{2C4C0A7A-5AB8-4962-81DC-73F30F0E98CD}" = lport=6984 | protocol=17 | dir=in | name=league of legends launcher | 
"{2D4031D5-BE66-4D98-9339-C7A96B8268B4}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher | 
"{35E21838-828B-4A7B-9CBB-ABE4E5FC3761}" = lport=6898 | protocol=6 | dir=in | name=league of legends launcher | 
"{37774D1E-BE44-4D62-924A-EE6837E7BFEC}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher | 
"{37781EB3-3E4F-4296-8A50-CF18116F64CD}" = lport=6912 | protocol=6 | dir=in | name=league of legends launcher | 
"{383F5155-AD32-4D86-8D32-5E281297EDCF}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher | 
"{3BAB500F-D27C-46E7-9DDE-D409471CBE0C}" = lport=6997 | protocol=6 | dir=in | name=league of legends launcher | 
"{3BC42903-9C7A-49FA-90EF-82A837185643}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher | 
"{41EFC53D-ECDE-44AD-8184-F650D3C8AC0D}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{432F34CA-8AF7-4E92-9692-BF35A74F0231}" = lport=8372 | protocol=17 | dir=in | name=league of legends launcher | 
"{43CBCD70-C9A7-49B2-A48B-7C0982D6DCA1}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher | 
"{440A30D1-50B5-4221-9E89-83EF773A6A29}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher | 
"{46AE9F39-3632-4E03-9C41-125059FDF954}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher | 
"{4C6A5397-29EF-4C6B-AFDD-B2D39177EDFB}" = lport=6972 | protocol=6 | dir=in | name=league of legends launcher | 
"{4EB3712A-6AF0-45BD-80E7-AF24F9A6B3F6}" = lport=6977 | protocol=17 | dir=in | name=league of legends launcher | 
"{61C11934-9246-4A90-A661-9D450E550D54}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{629FD325-4BAD-4146-A33B-77D4C2B0894E}" = lport=6903 | protocol=6 | dir=in | name=league of legends launcher | 
"{634498EB-2F64-4FBE-9249-0736C6698BBE}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{6388FD9A-1579-4A80-9C12-908A192EDEBE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{64C34451-83E4-447C-A4F7-DF1B5D5D1CC7}" = lport=6969 | protocol=6 | dir=in | name=league of legends launcher | 
"{64DB6A62-3779-4A60-A741-84E54FBE64A7}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher | 
"{670E13FA-EF0E-4CCF-BD2A-BE4D95B43CB3}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{67689128-4BF1-451A-BE43-4803F7D8C543}" = lport=6903 | protocol=17 | dir=in | name=league of legends launcher | 
"{67B3C7CA-7A3A-44C2-86F7-8D6CBBEBE459}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher | 
"{69FF6524-D405-419C-AEAD-69C0358E9A09}" = lport=6972 | protocol=17 | dir=in | name=league of legends launcher | 
"{6B0CD4EB-94F8-4FC5-94CE-5AAC78DDCBAF}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher | 
"{6E79D311-3E3C-4EAF-AD69-DB3EA343FB20}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6F7E3855-003D-4DB2-920C-21AC1EFE52C8}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher | 
"{7010BC55-C976-429B-8720-46A5D205C49B}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | 
"{70BDAFDB-BDD7-4220-B0DB-FF96F70A8728}" = lport=6969 | protocol=17 | dir=in | name=league of legends launcher | 
"{72B4E501-7A25-4723-956D-03D7856B8713}" = lport=6932 | protocol=17 | dir=in | name=league of legends launcher | 
"{78E77159-0415-4E46-A363-7413CA375D7F}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{79FE29E1-74D3-4DB0-BE56-97C325EEC35D}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher | 
"{7D653BBD-BDC0-4CBB-AF60-2D4B00FE9618}" = lport=6948 | protocol=6 | dir=in | name=league of legends launcher | 
"{82325836-2C71-47CF-B2C3-453AC886A82C}" = lport=6886 | protocol=17 | dir=in | name=league of legends launcher | 
"{85B6533F-47C2-4D30-8115-88CEDDFFCEAB}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher | 
"{88741878-86B7-4089-ABBC-84598FEB83A3}" = lport=6904 | protocol=6 | dir=in | name=league of legends launcher | 
"{89761A80-23C9-4F77-87C5-2CD1F39D70BA}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{8C0B1A97-626A-4128-8AE6-EF0D49359D4E}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{8F5F86CE-F746-414C-94AE-05B9F497486D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{90AB24DB-AA5D-43E5-8076-09C3B1DD3E0B}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher | 
"{98F06DDC-81B7-4D1D-9752-4F908867DFA7}" = lport=6932 | protocol=6 | dir=in | name=league of legends launcher | 
"{9BF3B182-F4F3-4342-9F5D-9DAB6358338F}" = lport=6886 | protocol=6 | dir=in | name=league of legends launcher | 
"{9DE16A41-901F-4DFF-953B-2F1114798904}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0CB2EC8-742D-448F-84C9-8E30E9FCED5E}" = lport=6984 | protocol=6 | dir=in | name=league of legends launcher | 
"{A1ADB777-0581-4E24-A8BD-4D85C0D4D94B}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher | 
"{A24C12D6-16A3-4687-9525-D886B855B4AC}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher | 
"{A3226539-857A-47DC-AFC6-6599224D9B81}" = lport=6904 | protocol=17 | dir=in | name=league of legends launcher | 
"{A5DAD4AB-C8EA-43CD-9F2C-6314A4D23F12}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | 
"{ABED8504-24C2-4671-9876-1CFF0AB4ED17}" = lport=6898 | protocol=17 | dir=in | name=league of legends launcher | 
"{AE2748A2-BC31-4EC0-BE71-4E263F1784DB}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher | 
"{AE94D441-BDD6-43E2-8D6C-4FB13EC117F8}" = lport=6898 | protocol=17 | dir=in | name=league of legends launcher | 
"{B25CFF3C-7D7F-479B-B75C-FAD4A06B7099}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | 
"{B319DE6A-02CA-4167-BECA-592842D323C9}" = lport=6926 | protocol=17 | dir=in | name=league of legends launcher | 
"{BB3E3E37-2CFD-4BB0-A798-D200A731D037}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BE3B86A2-F85B-409A-AA46-F568AE7B6339}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher | 
"{BFD56D33-A2C2-4924-ADEB-5BB9C5C90EA5}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher | 
"{C2C87750-8095-4B86-9D7B-90D1E5244151}" = lport=6926 | protocol=6 | dir=in | name=league of legends launcher | 
"{C68E58A0-A46C-4DAD-8721-C3F3342A0C7A}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{C999072E-82AE-4DF0-9BC8-EAC267F34E67}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{CC0FA939-B454-482E-B818-F7A35C8FFAA7}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{CC2C1915-8E8C-44D7-BF79-C28295C52A53}" = lport=8372 | protocol=6 | dir=in | name=league of legends launcher | 
"{D0EC3F2D-3E9F-4C65-AD8C-02909FA7E456}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D1B504F8-0CD7-431E-9401-A274913C17C9}" = lport=6948 | protocol=17 | dir=in | name=league of legends launcher | 
"{D31B0531-28F6-4BCA-957B-B555AC63EAB6}" = lport=6977 | protocol=6 | dir=in | name=league of legends launcher | 
"{D43F9610-B6D3-43D6-99A5-6CA950530A3A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DB39D2EE-B31C-47CD-B9A9-1E948EFC15AA}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{DC96DD37-5A62-4EF3-A1F3-CD722F733930}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCBD80DA-041B-43AB-A9F6-2F5C25026511}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DE52A8E6-6757-4B30-A8BA-B96A8DD9F37C}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher | 
"{E46CD9B4-47E8-4104-8B5A-1F74A5AE50E4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E48E2B8F-9F38-4331-B30C-19A5F78CC624}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | 
"{E8D68D16-4752-4C1E-B23D-A11A252E3740}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher | 
"{EE11BDF5-8034-4076-8F7E-A99A0E8C611A}" = lport=6997 | protocol=17 | dir=in | name=league of legends launcher | 
"{EEC63557-7470-4DC5-AD58-39C0058573CD}" = lport=6898 | protocol=6 | dir=in | name=league of legends launcher | 
"{F731FD1A-0BAE-4766-9370-99CA32A4216F}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F62CEE-6AEF-4F79-A718-34CE011DDB29}" = protocol=17 | dir=in | app=d:\spiele\league of legends\game\league of legends.exe | 
"{0ED3BE40-6948-492F-BB71-B20472E97C87}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1379B3FF-4C5A-498C-873B-43565A590422}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"{1414D924-A300-4BB8-B2AC-DD3EEBAFA2E3}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base16561\sc2.exe | 
"{17E2A48C-3958-4C35-8F9B-BFE2B0DE41C9}" = protocol=6 | dir=in | app=d:\spiele\league of legends\air\lolclient.exe | 
"{2550D536-1344-48DA-9506-C810EE4CEE09}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{28B3E006-97EA-48F2-B7BD-9E1F31351DB4}" = protocol=17 | dir=in | app=d:\spiele\league of legends\game\league of legends.exe | 
"{2C6D3B2F-71A9-4E9D-B600-6497C30256CE}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base16561\sc2.exe | 
"{36681CAF-140D-4A33-B48A-F0F239CF1263}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{372E5534-7339-4982-B844-19E689910AE1}" = protocol=17 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | 
"{38928C89-A4BD-4EB3-8B91-A628A0B03CE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3ECDE124-D1AC-443F-B74F-26CBC994D6AC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{40CAADE1-BCC8-4D41-959D-47B12BB11F41}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4B54512D-01CB-4668-BC5A-DCD5EFC68BE5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4BB43F2B-DFE8-4FEC-B2CC-A0A701AF84E0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4C923F51-D18D-4990-8764-881554747138}" = protocol=17 | dir=in | app=d:\spiele\dragon age\daoriginslauncher.exe | 
"{5A5FB2BA-88A1-4A6A-BFF7-FA20839DC33B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7AD3582C-E708-47A4-B048-8850BB9395E2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{813262D8-E91A-4446-80AA-4F8163723AD7}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"{8878BC13-C04C-4565-9257-2274421C968A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A8D9666-F3D2-4574-88D7-CA5C2DE06487}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{97D38BD9-818E-410D-A21B-073E417AD70B}" = protocol=17 | dir=in | app=d:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{9893DA45-6328-4687-83F7-D187EE8E4F44}" = protocol=17 | dir=in | app=d:\spiele\league of legends\lol.launcher.exe | 
"{9965532F-5337-49C8-8252-5A432723051B}" = protocol=6 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | 
"{9D7C6265-0D5C-4E06-B1DA-7675D325B543}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A107F0B3-ECA6-43CA-B9BE-833B8A009B98}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A13DE1C4-2BF7-4CEF-A2B8-DCFCA8736CE0}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{A4A37CD0-6017-4BC2-8F2B-7B0016D76701}" = protocol=17 | dir=in | app=d:\spiele\league of legends\air\lolclient.exe | 
"{AA2C167B-072E-4AAB-A092-3054A757F93D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B3A088FC-2A71-4824-B6C1-4B5EAE6B203F}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{B5F1BD3E-7295-48B0-9872-22649D58BA5F}" = protocol=6 | dir=in | app=d:\spiele\league of legends\game\league of legends.exe | 
"{B67E0E20-6533-4634-9C9A-AB514847AFB6}" = protocol=17 | dir=in | app=d:\spiele\league of legends\air\lolclient.exe | 
"{B710CCBC-64D5-4D34-89DC-AF7551F9A475}" = protocol=6 | dir=in | app=d:\spiele\league of legends\air\lolclient.exe | 
"{B7BCFE36-D43A-4820-8543-BE332B9F3151}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{BB118629-82A3-45FC-B32B-285F8877A1B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BC278DF2-42BB-4E3E-9862-9AD64748148F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C3D9D5FE-15D7-4A4B-904D-EE3784921E23}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"{C7340AB6-5E19-4C92-895E-8410BD607DD2}" = dir=in | app=d:\spiele\command and conquere\retailexe\1.8\cnc3game.dat | 
"{CC890FC2-263B-4799-BCCD-8F41A2F92938}" = protocol=6 | dir=in | app=d:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{CE545EE2-38AD-4FFB-9781-0FD795CB5341}" = protocol=6 | dir=in | app=d:\spiele\league of legends\game\league of legends.exe | 
"{CEC4059A-802C-4D6F-B56A-A4868D799940}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CF361CC8-E4E8-4E3B-BE96-E003AF482698}" = protocol=6 | dir=in | app=d:\spiele\dragon age\daoriginslauncher.exe | 
"{D080B646-1E48-4279-9E54-733C392DF89F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D3FE7C61-C54E-43DE-A040-B2E17E319363}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"{DD65BED9-9C07-4D1F-8275-7807A443C258}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{EFA26686-299F-44EA-94D8-30223483E885}" = protocol=6 | dir=in | app=d:\spiele\league of legends\lol.launcher.exe | 
"{F21B3CF8-F97A-402C-BA7F-CC3D39204D6E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{0BE1FAE7-0C91-4B6D-AF0D-E2D7DE34B1BB}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{16FCE762-C13B-4155-8514-B439E7D667C8}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"TCP Query User{51B7DED7-678E-42CA-88B9-B9A7BEEA9857}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"TCP Query User{68FA9294-1778-451F-98F8-1B2EC1AA17EE}C:\spiele\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft\starcraft.exe | 
"TCP Query User{76AC685F-E5B7-4AF0-B772-8A24AA5B3D7F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7BC59B46-D2CD-4E04-9108-1736C4249688}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7C4FF448-A5B9-4218-919F-D283FEE022F2}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"TCP Query User{B0A71885-3E7B-41D1-8F71-1294B5D5AE6D}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{B0E6FB1C-F230-4F3E-8CF1-1D6FFA83AD99}D:\spiele\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{C563C1C0-A7D8-4F73-9BC7-53A67AAE0F26}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"TCP Query User{E1242A39-59FC-4A63-BCA7-CD5041731657}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{F204888F-6643-44C7-824A-990D2EE9EF58}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{236BEEB4-6086-4F4C-8704-57A77BB026BE}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"UDP Query User{241D85B1-D2AB-46F0-9E3A-959221CF9926}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
"UDP Query User{40491C1C-6392-454D-BE3E-C5620F74D2E4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{45EF7D8F-2AD0-40C2-BAEE-DB59D37501EF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{7A286520-51BF-46C4-9DF4-FE4F696E270F}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"UDP Query User{98E2F8E0-FFDC-408F-98C6-87A23E534C04}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{B387DD6D-1448-4B0F-8B58-F67D08610AAE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{B793F513-67CB-4680-8760-EA2025BE539A}D:\spiele\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{BE7DB92B-FBA0-4B8A-A796-F70CE8F9D301}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{D4AFBC30-D21F-46F4-B7C7-DB64F0F1A2D7}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{EA16B840-770F-4ED5-8BE3-997FD7B2D170}C:\spiele\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft\starcraft.exe | 
"UDP Query User{F296A832-2C0B-4F55-985A-6FE8C57CDC4D}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200F584F-848D-4B6B-B1A1-C74D735F18A4}" = InstallRTC
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62B002C5-1AB3-11D8-8092-00E018B21FC0}" = USB Mass Storage Toolbox
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B136F351-BF1E-4948-9557-FA6524302ACA}" = SPSS 14.0 für Windows
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Sitecom Europe
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF4EA1D8-E44E-41BA-B4C4-B4BEFDFCF2AC}" = DaViDeo 4 professional
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD54066C-59C6-475B-B8A0-A0D26969D8E2}" = Pinnacle PCTV MCE
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVI & MPEG Splitter_is1" = AVI & MPEG Splitter 1.48
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"InstallShield_{EF4EA1D8-E44E-41BA-B4C4-B4BEFDFCF2AC}" = DaViDeo 4 professional
"IsoBuster_is1" = IsoBuster 2.8
"League of Legends_is1" = League of Legends
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MAGIX Foto Clinic 5.5 D" = MAGIX Foto Clinic 5.5 (D)
"MAGIX Fotos auf CD & DVD 5.5 e-version D" = MAGIX Fotos auf CD & DVD 5.5 e-version (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0b7 (x86 de)" = Mozilla Firefox 4.0b7 (x86 de)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.0
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 0.9.8a
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"X10Hardware" = X10 Hardware(TM)
"XviD" = XviD MPEG-4 Codec
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.11.2010 06:01:50 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul QuickTime.qts_unloaded, Version 0.0.0.0, Zeitstempel
 0x4c87d299, Ausnahmecode 0xc0000005, Fehleroffset 0x5e3ebb69,  Prozess-ID 0x1748,
 Anwendungsstartzeit 01cb85748972ec00.
 
Error - 16.11.2010 06:02:10 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x5f30bb69,  Prozess-ID 0x15c4, Anwendungsstartzeit
 01cb85754ba4cdfc.
 
Error - 16.11.2010 06:02:26 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul rpcontrols1.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4c078b43, Ausnahmecode 0xc0000005, Fehleroffset 0x626dbb69,  Prozess-ID 0x29c, 
Anwendungsstartzeit 01cb8575570c6263.
 
Error - 16.11.2010 06:02:41 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul rpcontrols1.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4c078b43, Ausnahmecode 0xc0000005, Fehleroffset 0x626dbb69,  Prozess-ID 0x8e0, 
Anwendungsstartzeit 01cb8575602f4545.
 
Error - 16.11.2010 06:02:57 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul rpcontrols1.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4c078b43, Ausnahmecode 0xc0000005, Fehleroffset 0x626dbb69,  Prozess-ID 0x13e0,
 Anwendungsstartzeit 01cb857569a0d5c1.
 
Error - 16.11.2010 06:03:13 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul rpcontrols1.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4c078b43, Ausnahmecode 0xc0000005, Fehleroffset 0x626dbb69,  Prozess-ID 0x168c,
 Anwendungsstartzeit 01cb85757325790d.
 
Error - 16.11.2010 06:03:34 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x626dbb69,  Prozess-ID 0xae4, Anwendungsstartzeit
 01cb85757c991cc9.
 
Error - 16.11.2010 06:05:52 | Computer Name = ***** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.11.2010 06:10:45 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x6363bb69,  Prozess-ID 0x428, Anwendungsstartzeit
 01cb8575d5acf957.
 
Error - 16.11.2010 15:42:17 | Computer Name = ***** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ Media Center Events ]
Error - 07.03.2008 14:31:04 | Computer Name = ***** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 13.03.2008 23:26:30 | Computer Name = ***** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 30.03.2008 21:10:38 | Computer Name = ***** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 21.04.2008 13:16:22 | Computer Name = ***** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
 Win32 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center
 Guide 
 
Error - 09.02.2009 10:54:01 | Computer Name = ***** | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
 Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
 Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
 konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
Error - 09.02.2009 10:54:02 | Computer Name = ***** | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
 Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
 Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
 konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
Error - 21.04.2009 10:42:06 | Computer Name = Chris-PC | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
 Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
 Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
 konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
Error - 21.04.2009 10:42:06 | Computer Name = ***** | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
 Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
 Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
 konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
Error - 28.06.2009 06:51:36 | Computer Name = ***** | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
 Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
 Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
 konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
Error - 28.06.2009 06:51:36 | Computer Name = ***** | Source = Media Center Guide | ID = 13
Description = Ereignisinformationen: Fehler beim Downloaden neuer TV-Programmdaten.
 Überprüfen Sie die Internetverbindungseinstellungen. Wenn die Verbindung über einen
 Firewall oder Proxyserver hergestellt wird, stellen Sie sicher, dass dieser ordnungsgemäß
 konfiguriert ist. Prozess: DefaultDomain Objektname: Microsoft.Ehome.Epg.EhepgdatSingleton

 
[ System Events ]
Error - 15.11.2010 10:51:10 | Computer Name = ***** | Source = Print | ID = 6161
Description = Das Dokument Der Einfluss des Kindergartens.pdf im Besitz von Chris
 konnte nicht auf dem Drucker Canon iP4200 gedruckt werden. Versuchen Sie erneut,
 das Dokument zu drucken, oder starten Sie den Druckspooler erneut.   Datentyp: NT
 EMF 1.008. Größe der Spooldatei in Bytes: 45393740. Anzahl der gedruckten Bytes:
 17205204. Gesamtanzahl der Seiten des Dokuments: 8. Anzahl der gedruckten Seiten:
 0. Clientcomputer: \\CHRIS-PC. Vom Druckprozessor zurückgegebener Win32-Fehlercode:
 1. Unzulässige Funktion.
 
Error - 15.11.2010 10:56:12 | Computer Name = ***** | Source = Print | ID = 6161
Description = Das Dokument Der Einfluss des Kindergartens.pdf im Besitz von Chris
 konnte nicht auf dem Drucker Canon iP4200 gedruckt werden. Versuchen Sie erneut,
 das Dokument zu drucken, oder starten Sie den Druckspooler erneut.   Datentyp: NT
 EMF 1.008. Größe der Spooldatei in Bytes: 46376780. Anzahl der gedruckten Bytes:
 10167136. Gesamtanzahl der Seiten des Dokuments: 8. Anzahl der gedruckten Seiten:
 0. Clientcomputer: \\CHRIS-PC. Vom Druckprozessor zurückgegebener Win32-Fehlercode:
 1. Unzulässige Funktion.
 
Error - 15.11.2010 19:25:59 | Computer Name = ***** | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 15.11.2010 19:26:29 | Computer Name = ***** | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 15.11.2010 19:26:59 | Computer Name = ***** | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 15.11.2010 19:27:29 | Computer Name = ***** | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 15.11.2010 20:21:17 | Computer Name = ***** | Source = DCOM | ID = 10010
Description = 
 
Error - 15.11.2010 22:19:43 | Computer Name = ***** | Source = DCOM | ID = 10010
Description = 
 
Error - 16.11.2010 05:05:31 | Computer Name = ***** | Source = DCOM | ID = 10010
Description = 
 
Error - 16.11.2010 06:03:43 | Computer Name = ***** | Source = DCOM | ID = 10010
Description = 
 
[ TuneUp Events ]
Error - 02.11.2010 08:11:36 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-02 13:11:36', '\device\harddiskvolume2\program
 files\sid meier's civilization v\launcher.exe','3776',0)
 
Error - 02.11.2010 08:11:57 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-02 13:11:57', '\device\harddiskvolume2\program
 files\sid meier's civilization v\civilizationv.exe','2968',0)
 
Error - 03.11.2010 18:22:39 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-03 23:22:39', '\device\harddiskvolume2\program
 files\sid meier's civilization v\launcher.exe','5400',0)
 
Error - 03.11.2010 18:22:44 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-03 23:22:44', '\device\harddiskvolume2\program
 files\sid meier's civilization v\civilizationv.exe','3060',0)
 
Error - 04.11.2010 07:15:56 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-04 12:15:56', '\device\harddiskvolume2\program
 files\sid meier's civilization v\launcher.exe','5184',0)
 
Error - 04.11.2010 07:17:06 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-04 12:17:06', '\device\harddiskvolume2\program
 files\sid meier's civilization v\civilizationv.exe','3804',0)
 
Error - 04.11.2010 10:18:49 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-04 15:18:49', '\device\harddiskvolume2\program
 files\sid meier's civilization v\launcher.exe','504',0)
 
Error - 04.11.2010 10:18:54 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-04 15:18:54', '\device\harddiskvolume2\program
 files\sid meier's civilization v\civilizationv.exe','472',0)
 
Error - 15.11.2010 20:33:28 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-16 01:33:28', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','3252',0)
 
Error - 16.11.2010 19:26:42 | Computer Name = ***** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-11-17 00:26:42', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','284',0)
 
 
< End of report >
         
Code:
OTL logfile created on: 17.11.2010 08:00:01 - Run 3
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\*****\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,17 Gb Total Space | 58,14 Gb Free Space | 26,29% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 30,17 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
Drive F: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive O: | 1397,26 Gb Total Space | 595,41 Gb Free Space | 42,61% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox 4.0 Beta 6\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox 4.0 Beta 6\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\eMule\emule.exe (hxxp://www.emule-project.net)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software GmbH)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software GmbH)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (ddxgb) -- C:\Users\Chris\AppData\Local\Temp\ddxgb.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc.              )
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (xfilt) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbd) -- C:\Windows\System32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\Tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.11.11 17:17:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2010.09.26 23:01:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.29 00:27:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.07 12:26:26 | 000,000,000 | ---D | M]
 
[2010.09.24 15:19:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2010.09.24 15:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.29 08:56:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions
[2010.06.29 09:59:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.27 22:39:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.02.18 13:15:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.29 08:55:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.14 23:35:21 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.29 14:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.16 23:32:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.10.08 12:19:37 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.10.10 12:25:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\DefaultManager@Microsoft
[2010.02.04 01:24:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\0hkidv9q.default\extensions\moveplayer@movenetworks.com
[2009.11.06 09:36:00 | 000,002,171 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\0hkidv9q.default\searchplugins\bing.xml
[2010.07.29 14:45:54 | 000,000,873 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\0hkidv9q.default\searchplugins\conduit.xml
[2010.11.13 13:01:26 | 000,001,056 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\0hkidv9q.default\searchplugins\icqplugin.xml
[2010.09.22 12:59:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.06.03 21:19:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.06.30 23:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
 
O1 HOSTS File: ([2010.09.23 21:46:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe (hxxp://www.emule-project.net)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.11.01 04:47:57 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 04:09:50 | 000,729,088 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 04:43:36 | 000,000,160 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005.10.14 09:02:16 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2010.01.21 03:47:35 | 000,000,000 | RH-D | M] - O:\autorun -- [ NTFS ]
O32 - Unable to obtain root file information for disk O:\
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.16 10:37:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\QuickStoresToolbar
[2010.11.16 10:37:20 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2010.11.16 01:40:21 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.11.04 10:42:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Blumio
[2010.10.29 08:55:40 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.10.26 22:55:19 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.26 22:55:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.10.26 22:55:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.24 11:28:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.24 11:28:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.24 11:28:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2008.12.27 16:31:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chris\Desktop\*.tmp files -> C:\Users\Chris\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.17 08:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.11.17 07:06:56 | 000,206,537 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.17 07:06:55 | 000,206,537 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.17 06:42:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.17 06:42:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.16 20:42:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.16 15:11:27 | 000,299,226 | ---- | M] () -- C:\Users\Chris\Desktop\151-148-1-PB.pdf
[2010.11.16 15:03:33 | 000,170,882 | ---- | M] () -- C:\Users\Chris\Desktop\hoffmann_schule.pdf
[2010.11.16 14:48:19 | 001,061,188 | ---- | M] () -- C:\Users\Chris\Desktop\iv06_akibilanz4a.pdf
[2010.11.16 14:28:15 | 000,302,080 | ---- | M] () -- C:\Users\Chris\Desktop\rainer_geissler_-_die_metamorphose_der_katholischen_arbeitertochter_zum_migrantensohn.doc
[2010.11.16 13:57:20 | 000,180,224 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.16 01:40:21 | 000,001,880 | ---- | M] () -- C:\Users\Chris\Desktop\HijackThis.lnk
[2010.11.16 01:09:24 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.11.16 00:25:04 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.11.15 13:23:46 | 000,303,970 | ---- | M] () -- C:\Users\Chris\Desktop\Der Einfluss des Kindergartens.pdf
[2010.11.15 12:48:11 | 000,147,019 | ---- | M] () -- C:\Users\Chris\Desktop\Integration und Ganztagsbildung.docx
[2010.11.15 12:47:54 | 005,246,597 | ---- | M] () -- C:\Users\Chris\Desktop\Sprachliche Leistungen in der Einschulungsuntersuchung.pdf
[2010.11.15 12:36:00 | 000,654,650 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.15 12:36:00 | 000,616,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.15 12:36:00 | 000,137,000 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.15 12:36:00 | 000,112,060 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.15 10:25:29 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.14 18:59:41 | 002,419,661 | ---- | M] () -- C:\Users\Chris\Desktop\Deutsches_Reich1.jpg
[2010.11.14 18:53:10 | 000,003,129 | ---- | M] () -- C:\Users\Chris\Documents\Mastersongs.m3u
[2010.11.13 21:57:56 | 000,065,536 | ---- | M] () -- C:\Users\Chris\Desktop\fc3fd199-00f5-467f-9a66-686b84cde99e.jpg
[2010.11.12 14:34:48 | 000,524,935 | ---- | M] () -- C:\Users\Chris\Desktop\05314.pdf
[2010.11.12 10:46:49 | 000,071,693 | ---- | M] () -- C:\Users\Chris\Desktop\Schulen nach Form des Ganztagsangebots 2008.jpg
[2010.11.11 15:44:32 | 001,646,206 | ---- | M] () -- C:\Users\Chris\Desktop\kita_regional.pdf
[2010.11.09 20:45:18 | 1623,351,296 | ---- | M] () -- C:\Users\Chris\Desktop\exq-avatar.erw.kino-xvid-b.avi
[2010.11.09 19:39:22 | 1464,657,920 | ---- | M] () -- C:\Users\Chris\Desktop\exq-avatar.erw.kino-xvid-a.avi
[2010.11.09 16:31:00 | 000,201,840 | ---- | M] () -- C:\Users\Chris\Desktop\steuer09_anlage_kap.pdf
[2010.11.08 19:52:57 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.08 19:52:57 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.04 11:19:23 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.11.04 11:15:39 | 000,319,982 | ---- | M] () -- C:\Users\Chris\Desktop\GTS_2008.pdf
[2010.10.24 11:26:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.24 11:26:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.24 11:26:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.24 11:26:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chris\Desktop\*.tmp files -> C:\Users\Chris\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.16 15:11:26 | 000,299,226 | ---- | C] () -- C:\Users\Chris\Desktop\151-148-1-PB.pdf
[2010.11.16 15:03:33 | 000,170,882 | ---- | C] () -- C:\Users\Chris\Desktop\hoffmann_schule.pdf
[2010.11.16 14:48:19 | 001,061,188 | ---- | C] () -- C:\Users\Chris\Desktop\iv06_akibilanz4a.pdf
[2010.11.16 14:28:14 | 000,302,080 | ---- | C] () -- C:\Users\Chris\Desktop\rainer_geissler_-_die_metamorphose_der_katholischen_arbeitertochter_zum_migrantensohn.doc
[2010.11.16 01:40:21 | 000,001,880 | ---- | C] () -- C:\Users\Chris\Desktop\HijackThis.lnk
[2010.11.15 12:47:54 | 005,246,597 | ---- | C] () -- C:\Users\Chris\Desktop\Sprachliche Leistungen in der Einschulungsuntersuchung.pdf
[2010.11.15 12:27:34 | 000,303,970 | ---- | C] () -- C:\Users\Chris\Desktop\Der Einfluss des Kindergartens.pdf
[2010.11.15 10:25:29 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.14 18:59:39 | 002,419,661 | ---- | C] () -- C:\Users\Chris\Desktop\Deutsches_Reich1.jpg
[2010.11.14 18:53:10 | 000,003,129 | ---- | C] () -- C:\Users\Chris\Documents\Mastersongs.m3u
[2010.11.14 15:30:50 | 1623,351,296 | ---- | C] () -- C:\Users\Chris\Desktop\exq-avatar.erw.kino-xvid-b.avi
[2010.11.14 15:28:02 | 1464,657,920 | ---- | C] () -- C:\Users\Chris\Desktop\exq-avatar.erw.kino-xvid-a.avi
[2010.11.13 21:57:56 | 000,065,536 | ---- | C] () -- C:\Users\Chris\Desktop\fc3fd199-00f5-467f-9a66-686b84cde99e.jpg
[2010.11.12 14:34:48 | 000,524,935 | ---- | C] () -- C:\Users\Chris\Desktop\05314.pdf
[2010.11.12 10:46:48 | 000,071,693 | ---- | C] () -- C:\Users\Chris\Desktop\Schulen nach Form des Ganztagsangebots 2008.jpg
[2010.11.11 15:44:32 | 001,646,206 | ---- | C] () -- C:\Users\Chris\Desktop\kita_regional.pdf
[2010.11.09 16:27:23 | 000,201,840 | ---- | C] () -- C:\Users\Chris\Desktop\steuer09_anlage_kap.pdf
[2010.11.04 12:14:16 | 000,147,019 | ---- | C] () -- C:\Users\Chris\Desktop\Integration und Ganztagsbildung.docx
[2010.11.04 11:15:39 | 000,319,982 | ---- | C] () -- C:\Users\Chris\Desktop\GTS_2008.pdf
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.08.25 16:33:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.29 01:25:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.19 12:36:31 | 000,206,537 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.19 12:36:30 | 000,206,537 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.03.24 17:19:25 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.03.24 17:19:24 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.03.24 17:19:24 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.12.28 18:37:03 | 000,000,671 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2008.12.27 16:34:30 | 000,000,033 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.log
[2008.12.27 16:31:19 | 000,007,887 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2008.12.27 16:31:19 | 000,001,144 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
[2008.08.27 01:01:40 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008.08.27 01:00:40 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008.08.27 01:00:40 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008.08.27 01:00:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2008.08.27 01:00:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2008.08.27 01:00:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2008.08.27 01:00:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.31 11:23:51 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008.05.15 16:46:34 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.05.15 16:46:25 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2008.04.01 15:56:08 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.04.01 15:56:06 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.12.14 16:32:08 | 000,000,321 | ---- | C] () -- C:\Windows\homeDVD-Fotos5_5.INI
[2007.11.30 17:08:17 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007.11.22 13:53:48 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2007.11.18 11:25:48 | 000,000,016 | -H-- | C] () -- C:\Programme\mxfilerelatedcache.mxc2
[2007.09.26 21:17:59 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.09.26 21:17:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.09.09 13:32:52 | 000,135,168 | ---- | C] () -- C:\Windows\System32\DVDEncoder.dll
[2007.09.08 15:30:29 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.08.03 15:29:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\DVDKeyAuth.dll
[2007.05.29 07:55:10 | 000,008,220 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007.05.28 17:52:17 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.04.08 18:51:16 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.04.08 18:12:41 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2007.04.08 15:45:56 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.03.14 15:47:22 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007.03.08 23:32:11 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2007.03.01 21:58:48 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS78.DLL
[2007.02.28 16:44:53 | 000,001,356 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2007.02.27 15:05:43 | 000,000,646 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.02.27 03:47:14 | 000,000,632 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2007.02.27 03:38:15 | 000,000,402 | ---- | C] () -- C:\Windows\wininit.ini
[2007.02.27 02:32:35 | 000,180,224 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.27 08:26:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.04.13 10:30:06 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2004.12.14 12:04:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.12.14 12:02:49 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2004.12.02 14:20:18 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2004.09.22 09:09:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004.08.30 12:26:16 | 000,389,120 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2004.07.20 16:04:02 | 000,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
[2004.01.15 13:43:28 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TBTMonUI.dll
[2003.07.29 14:33:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\TosHidAPI.dll
[2000.04.10 11:33:28 | 000,027,494 | ---- | C] () -- C:\Programme\Troubleshooting.htm
[2000.04.10 11:31:42 | 000,054,272 | ---- | C] () -- C:\Programme\Troubleshooting.doc
[2000.04.10 11:31:42 | 000,021,473 | ---- | C] () -- C:\Programme\Update.txt
 
========== Files - Unicode (All) ==========
[2007.02.25 09:27:30 | 000,904,439 | ---- | C] ()(C:\Umweltbewu?tsein 2006.pdf) -- C:\Umweltbewußtsein 2006.pdf
[2007.02.22 21:57:32 | 000,904,439 | ---- | M] ()(C:\Umweltbewu?tsein 2006.pdf) -- C:\Umweltbewußtsein 2006.pdf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129

< End of report >
         

17.11.2010, 13:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there no older Malwarebytes logs with detections?
__________________
Always post log files in CODE tags, please

17.11.2010, 13:32   #5
Donald83

I posted the same log twice, sorry.
Here is another one where it did find something, but that was only one day earlier.
Apart from that I have no malware logs.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4705

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

16.11.2010 09:40:27
mbam-log-2010-11-16 (09-40-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 304862
Laufzeit: 4 Stunde(n), 9 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Downloads\Microsoft Windows Key Gen 2003 Or Xp Pro Or Office-Xp Keygen\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
         


17.11.2010, 16:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Downloads\Microsoft Windows Key Gen 2003 Or Xp Pro Or Office-Xp Keygen\XPKey.exe
Then an infected/temperamental Windows is no wonder either.

The use of cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board.

For you it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since this kind of dubious software quite often also contains keyloggers and backdoor functions.

After that, never touch anything like that again!

17.11.2010, 16:30   #7
Donald83

But I don't have XP at all, I have Vista, and it is a licensed version.
No idea where the key generator comes from. It must be ancient, but it was not used for my PC. It must have been on the PC for at least 3 years already; a friend downloaded it back then, as far as I remember. Can it do any damage even if I don't use it at all?

Edited by Donald83 (17.11.2010 at 16:36)
