Plagegeister aller Art und deren Bekämpfung: SecurityTool removed, but unsure whether it is really gone
28.11.2010, 17:38 | #1 |
SecurityTool removed, but unsure whether it is really gone

Hi, unfortunately I have caught this tool too. Until just now it had wrecked my system so badly that I couldn't even start Windows any more. That works again now, but at the moment the tool is still partly getting on my nerves. I have read your guide and would now like to post the logs here so that someone can perhaps check whether everything is in order again. It would be great if someone were kind enough to help me.

Since I have already read the guide and followed it step by step, here are the log files you need right away:

Here is the Malwarebytes log file:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5204

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

28.11.2010 16:50:29
mbam-log-2010-11-28 (16-50-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 427498
Laufzeit: 2 Stunde(n), 6 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{28eb0708-cb60-5afe-919a-f6949664a414} (Trojan.Zbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\portwexexe.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\portwexexe.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\Utyhte\uzydo.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\portwexexe.exe\portwexexe.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\633895.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LH4AAEB\1014[1].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9K8I1JF\az[1].exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QH415Y1S\inst[1].exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YZ0UEEB3\fda[1].exe (Trojan.Zbot) -> Quarantined and deleted successfully.
D:\Arbeit\dings\porrasturvat\msvcp60.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Cryptload\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\Cryptload\ocr\rapidshare.com\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\Programme\Adobe Illustrator CS4\Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Programme\Adobe Illustrator CS4\Adobe Illustrator CS4\Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Windows\System32\khfFWqnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

Code:
OTL logfile created on: 28.11.2010 17:05:14 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,00 Gb Total Space | 0,87 Gb Free Space | 2,55% Space Free | Partition Type: NTFS
Drive D: | 198,88 Gb Total Space | 9,30 Gb Free Space | 4,67% Space Free | Partition Type: NTFS

Computer Name: DIAGNOSE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - D:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe
(Microsoft Corporation) PRC - D:\Programme\1&1\FritzBox Starter\IGDCTRL.EXE (AVM Berlin) PRC - D:\Programme\ObjectDock\ObjectDock.exe (Stardock) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - D:\Programme\ObjectDock\DockShellHook.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (a2free) -- D:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (vvdsvc) -- C:\Windows\System32\Nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.) 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (EPGService) -- D:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works) SRV - (CacheBoost Service) -- C:\Programme\Systweak\Systweak CacheBoost\cbSrv.exe (Systweak Inc) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (CVPND) -- D:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (IGDCTRL) -- D:\Programme\1&1\FritzBox Starter\IGDCTRL.EXE (AVM Berlin) SRV - (AcronisOSSReinstallSvc) -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (DS1410D) -- C:\Windows\System32\drivers\ds1410d.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys 
(Protect Software GmbH) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (Hauppauge Computer Works, Inc.) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (CrystalSysInfo) -- D:\Programme\MediaCoder\SysInfo.sys () DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (RDID1021) -- C:\Windows\System32\drivers\Rdwm1021.sys (Roland Corporation) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) 
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.) 
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 4D EB 27 A1 7E CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: firebug@tools.sitepoint.com:1.5.2 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:3.20100306 FF - prefs.js..network.proxy.backup.ftp: "213.164.26.4" FF - prefs.js..network.proxy.backup.ftp_port: 2301 FF - prefs.js..network.proxy.backup.gopher: 
"213.164.26.4" FF - prefs.js..network.proxy.backup.gopher_port: 2301 FF - prefs.js..network.proxy.backup.socks: "213.164.26.4" FF - prefs.js..network.proxy.backup.socks_port: 2301 FF - prefs.js..network.proxy.backup.ssl: "213.164.26.4" FF - prefs.js..network.proxy.backup.ssl_port: 2301 FF - prefs.js..network.proxy.ftp: "81.189.215.181" FF - prefs.js..network.proxy.ftp_port: 2301 FF - prefs.js..network.proxy.gopher: "81.189.215.181" FF - prefs.js..network.proxy.gopher_port: 2301 FF - prefs.js..network.proxy.http: "81.189.215.181" FF - prefs.js..network.proxy.http_port: 2301 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "81.189.215.181" FF - prefs.js..network.proxy.socks_port: 2301 FF - prefs.js..network.proxy.ssl: "81.189.215.181" FF - prefs.js..network.proxy.ssl_port: 2301 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.09.22 11:52:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.10.28 20:53:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.11.16 19:13:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.09.22 11:52:15 | 000,000,000 | ---D | M] [2010.01.18 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.01.18 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder [2010.11.26 12:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions [2010.04.27 16:48:41 | 
000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.02.18 10:50:01 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb} [2010.05.11 13:53:35 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.03.12 16:07:21 | 000,000,000 | ---D | M] (iPox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66} [2010.11.03 14:14:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.11 13:53:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\firebug@software.joehewitt.com [2010.05.11 13:53:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\firebug@tools.sitepoint.com [2009.11.11 11:01:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\firefox@tvunetworks.com [2009.08.06 19:02:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\moveplayer@movenetworks.com [2010.09.12 20:46:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\personas@christopher.beard [2009.05.17 21:50:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\tcastv1@tom.com [2009.11.04 18:13:18 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\vd@bbmao.com [2010.08.17 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\vshare@toolbar [2010.03.12 16:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions [2010.03.12 16:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vestyvnd.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS O1 HOSTS File: ([2010.06.22 14:08:12 | 000,001,436 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 hh-software.com O1 - Hosts: 127.0.0.1 H+H Software GmbH O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 1 more lines... 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - D:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) O4 - HKLM..\Run: [ACWlIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = D:\Programme\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - D:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{613d21a1-02a6-11de-ba8b-001fe2e23266}\Shell - "" = AutoRun O33 - MountPoints2\{613d21a1-02a6-11de-ba8b-001fe2e23266}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found O33 - MountPoints2\{613d21a2-02a6-11de-ba8b-001fe2e23266}\Shell - 
"" = AutoRun O33 - MountPoints2\{613d21a2-02a6-11de-ba8b-001fe2e23266}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found O33 - MountPoints2\{8f88a3f8-0407-11de-8111-001fe2e23266}\Shell - "" = AutoRun O33 - MountPoints2\{8f88a3f8-0407-11de-8111-001fe2e23266}\Shell\AutoRun\command - "" = I:\StartVMCLite.exe -- File not found O33 - MountPoints2\{8f88a3fa-0407-11de-8111-001fe2e23266}\Shell - "" = AutoRun O33 - MountPoints2\{8f88a3fa-0407-11de-8111-001fe2e23266}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found O33 - MountPoints2\{a8b84a23-1348-11de-a8fb-adcbd387fd4c}\Shell - "" = AutoRun O33 - MountPoints2\{a8b84a23-1348-11de-a8fb-adcbd387fd4c}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found O33 - MountPoints2\{a8b84a24-1348-11de-a8fb-adcbd387fd4c}\Shell - "" = AutoRun O33 - MountPoints2\{a8b84a24-1348-11de-a8fb-adcbd387fd4c}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found O33 - MountPoints2\{ca50e583-de9f-11dd-9b52-001fe2e23266}\Shell - "" = AutoRun O33 - MountPoints2\{ca50e583-de9f-11dd-9b52-001fe2e23266}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.28 15:05:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.28 14:41:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.11.28 14:41:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.28 14:41:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.28 14:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.28 14:39:37 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe [2010.11.27 00:52:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Utyhte [2010.11.27 00:52:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Gigeed [2010.11.27 00:52:49 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2010.11.25 21:40:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\James Blunt - Some Kind Of Trouble [2010.11.23 16:10:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\eishockey [2010.11.16 19:13:54 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll [2010.11.10 17:05:15 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2010.11.10 17:05:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2010.11.10 17:05:14 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2010.11.10 17:05:14 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2010.11.10 17:05:14 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2010.11.10 17:05:14 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2010.11.10 17:05:14 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2010.11.10 17:05:14 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2010.11.10 17:05:14 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2010.11.10 17:05:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll 
[2010.11.10 17:05:14 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2010.11.10 17:05:13 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2010.11.10 10:46:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\handy save [2010.11.05 12:06:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.11.03 14:25:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\pelz [2009.05.06 16:29:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.28 16:59:48 | 000,678,092 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.28 16:59:48 | 000,637,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.28 16:59:48 | 000,147,050 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.28 16:59:48 | 000,120,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.28 16:53:30 | 000,196,455 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.11.28 16:53:30 | 000,196,455 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.11.28 16:52:49 | 000,064,280 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.dat [2010.11.28 16:52:49 | 000,056,600 | ---- | M] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat [2010.11.28 16:52:49 | 000,016,336 | ---- | M] () -- C:\Users\Public\Documents\AcIpConfig.dat [2010.11.28 16:52:12 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2010.11.28 16:52:09 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.28 16:52:09 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.28 16:52:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2010.11.28 16:50:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.28 15:05:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.28 14:39:37 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe [2010.11.28 14:38:00 | 000,364,032 | ---- | M] () -- C:\Users\***\Desktop\rkill.com [2010.11.26 23:41:49 | 000,330,557 | ---- | M] () -- C:\Users\***\Desktop\desktop.jpg [2010.11.26 22:29:20 | 000,055,081 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt3.jpg [2010.11.26 21:27:27 | 000,036,954 | ---- | M] () -- C:\Users\***\Desktop\jk.jpg [2010.11.26 21:10:00 | 000,650,272 | ---- | M] () -- C:\Users\***\Desktop\zimmer2.jpg [2010.11.26 20:58:29 | 000,679,419 | ---- | M] () -- C:\Users\***\Desktop\wohnzimmer2.jpg [2010.11.26 20:57:38 | 000,743,782 | ---- | M] () -- C:\Users\***\Desktop\wohnzimmer1.jpg [2010.11.26 20:56:32 | 000,719,318 | ---- | M] () -- C:\Users\***\Desktop\zimmer.jpg [2010.11.26 19:09:14 | 000,217,773 | ---- | M] () -- C:\Users\***\Desktop\Bildschirmfoto 2010-11-26 um 19.08.48.png [2010.11.26 19:06:39 | 000,171,875 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt2.png [2010.11.26 15:59:44 | 000,045,398 | ---- | M] () -- C:\Users\***\Desktop\Nebentätigkeit-Lehrmess.pdf [2010.11.26 13:50:00 | 000,150,016 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.25 20:09:29 | 000,894,448 | ---- | M] () -- C:\Users\***\Desktop\rennsteig.jpg [2010.11.25 13:04:56 | 012,850,170 | ---- | M] () -- C:\Users\***\Desktop\pes.2011.gameplay.patch.by.komu-1.07.rar [2010.11.25 12:33:58 | 000,021,639 | ---- | M] () -- C:\Users\***\Desktop\ziehung.png [2010.11.23 18:59:44 | 019,224,630 | ---- | M] () -- C:\Users\***\Desktop\Saxtrack - Reboot Twisted Fist Remix.mp3 [2010.11.22 23:29:19 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.17 13:16:34 | 000,119,541 | ---- | M] () -- 
C:\Users\***\AppData\Roaming\NMM-MetaData.db [2010.11.16 14:45:46 | 000,174,527 | ---- | M] () -- C:\Users\***\Desktop\Foto0101.jpg [2010.11.15 19:31:55 | 000,035,891 | ---- | M] () -- C:\Users\***\Desktop\homer.jpg [2010.11.14 13:22:48 | 000,031,300 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.png [2010.11.14 13:20:36 | 000,140,776 | ---- | M] () -- C:\Users\***\Desktop\RyanairBoardingPass.pdf [2010.11.13 14:04:36 | 000,008,958 | ---- | M] () -- C:\Users\***\Desktop\whatevery.gif [2010.11.12 20:00:32 | 000,097,197 | ---- | M] () -- C:\Users\***\Desktop\Foto0111.jpg [2010.11.10 22:23:25 | 000,077,206 | ---- | M] () -- C:\Users\***\Desktop\Foto0103klein.jpg [2010.11.09 19:14:40 | 000,077,230 | ---- | M] () -- C:\Users\***\Desktop\Foto0103.jpg [2010.11.08 12:08:42 | 000,214,291 | ---- | M] () -- C:\Users\***\Desktop\Petersberg Konzeption.pdf [2010.11.04 23:28:41 | 000,069,236 | ---- | M] () -- C:\Users\***\Desktop\buchung norwegen.pdf [2010.11.03 10:52:42 | 000,062,422 | ---- | M] () -- C:\Users\***\Desktop\aufstellung.png [2010.11.02 12:41:41 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.02 12:35:33 | 003,938,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.11.01 15:00:00 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.28 14:37:55 | 000,364,032 | ---- | C] () -- C:\Users\***\Desktop\rkill.com [2010.11.28 14:19:26 | 000,056,600 | ---- | C] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat [2010.11.28 14:19:25 | 000,064,280 | ---- | C] () -- C:\Users\Public\Documents\AccConnAdvanced.dat [2010.11.26 23:41:46 | 000,330,557 | ---- | C] () -- C:\Users\***\Desktop\desktop.jpg [2010.11.26 22:29:20 | 000,055,081 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt3.jpg [2010.11.26 21:27:27 | 
000,036,954 | ---- | C] () -- C:\Users\***\Desktop\jk.jpg [2010.11.26 21:09:58 | 000,650,272 | ---- | C] () -- C:\Users\***\Desktop\zimmer2.jpg [2010.11.26 20:58:27 | 000,679,419 | ---- | C] () -- C:\Users\***\Desktop\wohnzimmer2.jpg [2010.11.26 20:57:37 | 000,743,782 | ---- | C] () -- C:\Users\***\Desktop\wohnzimmer1.jpg [2010.11.26 20:56:30 | 000,719,318 | ---- | C] () -- C:\Users\***\Desktop\zimmer.jpg [2010.11.26 19:09:01 | 000,217,773 | ---- | C] () -- C:\Users\***\Desktop\Bildschirmfoto 2010-11-26 um 19.08.48.png [2010.11.26 19:06:38 | 000,171,875 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt2.png [2010.11.26 15:59:43 | 000,045,398 | ---- | C] () -- C:\Users\***\Desktop\Nebentätigkeit-Lehrmess.pdf [2010.11.25 20:09:27 | 000,894,448 | ---- | C] () -- C:\Users\***\Desktop\rennsteig.jpg [2010.11.25 13:04:37 | 012,850,170 | ---- | C] () -- C:\Users\***\Desktop\pes.2011.gameplay.patch.by.komu-1.07.rar [2010.11.25 12:33:58 | 000,021,639 | ---- | C] () -- C:\Users\***\Desktop\ziehung.png [2010.11.23 18:58:26 | 019,224,630 | ---- | C] () -- C:\Users\***\Desktop\Saxtrack - Reboot Twisted Fist Remix.mp3 [2010.11.15 19:31:52 | 000,035,891 | ---- | C] () -- C:\Users\***\Desktop\homer.jpg [2010.11.14 13:22:48 | 000,031,300 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.png [2010.11.14 13:20:35 | 000,140,776 | ---- | C] () -- C:\Users\***\Desktop\RyanairBoardingPass.pdf [2010.11.13 14:02:05 | 000,008,958 | ---- | C] () -- C:\Users\***\Desktop\whatevery.gif [2010.11.12 20:00:00 | 000,097,197 | ---- | C] () -- C:\Users\***\Desktop\Foto0111.jpg [2010.11.10 22:23:20 | 000,077,206 | ---- | C] () -- C:\Users\***\Desktop\Foto0103klein.jpg [2010.11.09 18:54:34 | 000,077,230 | ---- | C] () -- C:\Users\***\Desktop\Foto0103.jpg [2010.11.09 18:54:13 | 000,174,527 | ---- | C] () -- C:\Users\***\Desktop\Foto0101.jpg [2010.11.08 12:08:43 | 000,214,291 | ---- | C] () -- C:\Users\***\Desktop\Petersberg Konzeption.pdf [2010.11.04 23:28:41 | 000,069,236 | ---- | C] () -- 
C:\Users\***\Desktop\buchung norwegen.pdf [2010.11.03 10:52:42 | 000,062,422 | ---- | C] () -- C:\Users\***\Desktop\aufstellung.png [2010.08.05 22:08:51 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.06.12 21:37:41 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2010.06.06 21:35:06 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\chrtmp [2010.03.09 19:14:05 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2009.12.09 15:30:02 | 000,196,455 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.12.09 15:29:59 | 000,196,455 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.12.09 13:13:42 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.11.02 19:51:07 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\downloads.m3u [2009.06.14 23:36:30 | 000,000,029 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.rss [2009.06.12 17:08:20 | 000,119,541 | ---- | C] () -- C:\Users\***\AppData\Roaming\NMM-MetaData.db [2009.05.26 11:56:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.06 20:12:17 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini [2009.05.06 20:12:14 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI [2009.05.06 20:11:35 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll [2009.05.06 20:11:07 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.05.06 20:11:07 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2009.05.06 20:11:06 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll [2009.05.06 20:10:01 | 000,002,216 | ---- | C] () -- C:\Windows\HCWPNP.INI [2009.05.06 16:29:22 | 000,000,034 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.log [2009.05.06 16:29:09 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe [2009.05.06 16:29:09 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat [2009.05.06 16:29:09 | 
000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf [2009.04.29 12:23:10 | 000,007,366 | ---- | C] () -- C:\Users\***\AppData\Roaming\PStrip.bko [2009.04.29 12:02:59 | 000,009,361 | ---- | C] () -- C:\Users\***\AppData\Roaming\PStrip.bk! [2009.04.29 12:02:57 | 000,009,338 | ---- | C] () -- C:\Users\***\AppData\Roaming\PStrip.bak [2009.04.29 12:00:57 | 000,009,361 | ---- | C] () -- C:\Users\***\AppData\Roaming\PStrip.ini [2009.04.29 11:56:02 | 000,000,064 | ---- | C] () -- C:\Windows\wininit.ini [2009.04.17 15:01:05 | 000,012,800 | ---- | C] () -- C:\Windows\System32\RdCi1021.dll [2009.04.02 22:16:01 | 000,000,095 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2009.03.19 18:44:03 | 000,001,044 | ---- | C] () -- C:\Users\***\AppData\Roaming\vso_ts_preview.xml [2009.03.05 16:53:54 | 001,456,640 | ---- | C] () -- C:\Programme\Common Files\Falk Navi-Manager.msi [2009.02.23 14:57:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.02.23 14:57:16 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.02.18 13:30:29 | 000,150,016 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.09 14:47:32 | 000,000,818 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2008.11.30 16:46:49 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.11.26 20:24:03 | 000,000,395 | ---- | C] () -- C:\Windows\BeatBox.INI [2008.11.26 19:06:06 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2008.11.26 19:04:59 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2008.11.26 19:04:25 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.11.26 19:02:38 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.11.07 18:40:25 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.11.07 18:39:55 | 000,000,301 | ---- | C] () -- C:\Windows\game.ini [2008.11.04 12:55:55 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll 
[2008.11.04 12:55:55 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll [2008.10.21 12:15:27 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.10.20 17:28:40 | 000,033,117 | ---- | C] () -- C:\Windows\Irremote.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.04.12 07:41:20 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.04.12 07:30:20 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.01.18 08:33:29 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll [2007.10.26 13:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2007.03.29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.05.06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2002.10.06 19:42:57 | 000,237,568 | 
---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.10.05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002.10.05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.10.05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6CC69D3C

< End of report >

Code:
OTL Extras logfile created on: 28.11.2010 17:05:14 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,00 Gb Total Space | 0,87 Gb Free Space | 2,55% Space Free | Partition Type: NTFS
Drive D: | 198,88 Gb Total Space | 9,30 Gb Free Space | 4,67% Space Free | Partition Type: NTFS

Computer Name: DIAGNOSE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [ID3-TagIT] -- "D:\Programme\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( ) Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found 
"VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2291405412-476702637-1940178958-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2291405412-476702637-1940178958-1004] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1323DEB6-573B-4437-AB96-63245BAF7CAF}" = lport=445 | protocol=6 | dir=in | app=system | "{1DC1D2F9-D3E1-4C7C-AE2C-E9EE429C14C4}" = lport=139 | protocol=6 | dir=in | app=system | "{515E0F9E-986B-47B5-87D1-0655F85919ED}" = lport=137 | protocol=17 | dir=in | app=system | "{595D04EE-F8C3-4D63-B9C8-3CEADFEC55D5}" = lport=6004 | protocol=17 | dir=in | app=d:\programme\microsoft office\office12\outlook.exe | "{6CE22A5C-AA53-4E75-8B72-ED0EC217B357}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{780269C3-B657-445F-9263-DBC346A2D756}" = lport=138 | protocol=17 | dir=in | app=system | "{78EFFE20-B024-46BC-91E9-DE6F3BBC6EE9}" = rport=138 | protocol=17 | dir=out | app=system | "{8A26755D-D5DD-4952-981D-22566D356565}" = rport=139 | protocol=6 | dir=out | app=system | "{A45F1B3D-4A9D-4A11-B0F2-2B6747CF6D34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AD28C03C-0CE3-476F-BFC1-4BBD1F5BF1FE}" = rport=137 | protocol=17 | dir=out | app=system | "{E4A20AFA-6BC9-4CE1-A1B5-F5818B7C02AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EA6E5729-FFE3-45EC-B4A7-66AF6D41A411}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00EF593B-F546-4CF7-B744-AFBEF9EB20EA}" = protocol=6 | dir=in | app=d:\programme\1&1\fritzdsl.exe | "{040578B0-838C-4D72-B0F1-51F98D603092}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{04C11F42-5E3F-4E2C-81FE-8AE749E3D5A2}" = protocol=6 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{067BD6FF-8BA3-4794-B860-6537F5D6BB67}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{072DB738-063F-40D6-9C83-B2D24F2BC13A}" = 
dir=in | app=c:\program files\skype\phone\skype.exe | "{07508E3E-1BA9-47C3-9CE3-F57B9CA5EF63}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0952E550-704B-4CF0-BAB4-DCA5DB1FF82E}" = protocol=17 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{09A57F1F-3D27-489E-9609-B0B5A7E8A6FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0AD10065-6703-4262-BDF2-7A65B0AA9FF5}" = protocol=6 | dir=in | app=d:\programme\1&1\fritzbox starter\igdctrl.exe | "{0B15BF63-C844-4266-87C5-E7EE11163014}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C1AA340-7A7A-449D-9401-2BE205D12FF8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0C8CDD4D-245C-46CF-A1F9-BD9BA9B1D54A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{116C7768-33CF-4D65-AE99-4EDFC7732010}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{127481C8-68EC-4991-B283-6298ADD5BAB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{138E7963-DDA2-42DF-AAE4-9E2590BDC1A0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{14504357-0997-42BE-BE50-27EB641CCE52}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{148626E4-F82B-4FF6-BC4D-0FBA2BCD24A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14F41B4F-AD50-42B4-9400-D2771EC15A9D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{173F1DD1-00C5-44F2-8F1A-9809962C1C3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{17BCAA10-5C70-4969-99EA-03788F3F3107}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1997FABB-0685-41FC-A095-A58BC8FFF5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{19AFE54D-AA7F-42B2-A5F6-D480A9065D1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1A88DCDB-0F39-4A56-911A-E4B1F7873C5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1B63F822-424D-4D87-A9A0-19E066D19490}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1C04AD43-A17C-451A-8BE5-39C38EFC7621}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{1C539FAE-214C-4EB0-9CEB-0006B0C12C17}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1D303B8A-6FD0-40FE-968A-091ABE541E15}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1F5D2EF5-DACB-43DC-BC97-371D274CA7AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1FC4A735-0EFC-47A7-8911-71E26A6546ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2002AC83-A20B-4750-BD9D-B626337DBA1F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{20439282-4E0F-42D4-B598-5A682ED89CB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{205E5D24-F3F0-4339-BB6F-6743F691BBE4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{20C06C62-D287-4338-93FE-4751165C4E45}" = protocol=17 | dir=in | app=d:\spiele\counter-strike source\cstrike.exe | "{23E481D6-D7F2-4D9C-8408-16724841F43A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{24FD9279-1CB5-41E0-8980-A940BC40067D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{2877089F-C537-4621-8E75-4AD5236302E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{28D85EA7-3E77-4849-8005-31399F3BCDC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{28EAE796-0F40-48BA-9795-4B3515533162}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2973899F-EF06-43E4-A365-433C8FA15E33}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2B19CF1B-7A0C-48C5-8CDE-8915382F62C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2B2A4065-7395-4242-85AC-0FAB7E5322EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2BCF0331-0F59-4F15-91BC-3AB6EBE2414E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2BF874CB-81DD-421F-9083-D9D4F88D3D9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{316303BD-39D6-49C3-A575-1F4CF14E8263}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{32C1C581-BA86-462F-9EE0-029CBFB56019}" = dir=in | app=c:\program files\skype\phone\skype.exe 
| "{349EA6D7-AB2C-4BCD-967D-A0137427AD76}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{364A88A4-F9F2-414A-927C-F34B317F08D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3756E044-8DCB-4F54-9AA9-197E7972DD20}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C09D00C-9414-4459-852D-9AE996C2E778}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F38915E-9A94-40D5-B150-AF57E629FDA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F903C0D-67DF-486A-807D-6CFC06EFACCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F9D1AA1-0BAC-4C84-B740-DD407BFE60A2}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{3FC00382-424C-4BF0-9BDF-83FAD8237E04}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3FE937E2-30A3-4243-B9BB-51CB9C0A1544}" = protocol=17 | dir=in | app=d:\programme\utorrent\utorrent.exe | "{4114E90A-1339-4A18-A875-8CD7741A6985}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{419FF65D-8E34-4007-9A05-E87F3D27A972}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{41FB183F-C105-4930-AB99-F29D94CCF25F}" = protocol=6 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{42CDD3AB-0B64-4AC4-9354-B520580F35EF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{49308F5B-06A6-43CD-A1F1-8902683FCB47}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{496739B0-6A1F-4836-AFAE-D9A8F5CA8599}" = protocol=17 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{49AC418E-613B-4267-9ABA-3B858B088DC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A13A920-3C29-42E0-92EB-9FAFAA104E25}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A75094D-AEB4-433C-92A3-2C12D4717F9E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4B2101DB-0CFA-4B9A-9CC4-ECC219074F47}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4BEA3685-EFC8-43C4-855B-3CC5285F0D7A}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{4E19DF31-A717-4AD6-A638-4EC74BB5B820}" = protocol=6 | dir=in | app=d:\programme\bittorrent\bittorrent.exe | "{4EF09980-A8F8-43C2-A382-152B85E29AF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{509EFA52-4654-47FE-9DD9-62C7ED870BE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{510C101E-7960-473E-90FD-CC114CFD110F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{522A55FF-068C-43E8-B59C-A1644CA9049B}" = protocol=6 | dir=in | app=d:\programme\1&1\fritzbox starter\webwaigd.exe | "{55281773-2CEE-4537-93B0-6F2FD0244031}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{55C769AA-6BEA-401A-A349-15D103B793AF}" = protocol=6 | dir=in | app=c:\programme\bittorrent\bittorrent.exe | "{55DBE77F-2236-4553-A36D-493F3E11610C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{57FAB1CD-3B52-4586-88AA-C3A307956C40}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{58971BBD-DCDB-41F4-854D-CD65FABE17BF}" = protocol=6 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{58FA7FA1-5AA8-41FE-BF59-FA4ACBC79840}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{59448382-C223-4B85-8331-08822AA70301}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{594C5D3D-8195-4657-9FAD-1F3DA396701E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5A39C1B9-B894-421B-9C4B-2AE3C030762D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B5D248B-B84D-4C3E-B068-4D76AB383219}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{5C559215-922E-4C28-BC88-F98ADF1A050C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5CBAAF4A-B576-4D68-AC5C-65286547ADD4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5CFFE957-FDA7-4473-9343-FAB05BEBAC31}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5D19DFD4-9F5E-49FE-AB4D-06066A981E36}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5F7C0DF3-70B5-4EC2-A20B-E6B5150A9A26}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{605704FD-0149-4A3E-855B-8A4D6F20A448}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{607A37AB-E286-4EC7-8F1C-538D98B170D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{638F5E09-B2FC-4ED2-8828-75ABAF8B4116}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{664763FB-DDA3-4108-9514-29B979813E7B}" = protocol=17 | dir=in | app=d:\programme\1&1\fritzdsl.exe | "{68C715DF-4EF0-4DD1-B7DB-E5215678C8BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6A58D998-3B94-482E-B29F-DFD3FD2D1C6C}" = protocol=6 | dir=in | app=d:\programme\1&1\fritzbox starter\fboxupd.exe | "{6B324A70-7BF9-4E5E-AE4D-93D404C9585A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6ECF4F52-81F3-423B-A1A9-4E0F0CCC6570}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6FF67B02-A77D-4F00-938A-82334C9AD3EA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{7185E990-3A0A-4423-B080-008D54FA25C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{72629EEA-961C-4E84-B3E1-309E355DB0A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{74659F07-2ED9-4EEE-84C4-AF50D73CB1AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{76A0359E-C7C1-4B9D-BB6F-CC46EACAAD3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{76BD4628-8FD7-48F6-A340-F675C47B9E0D}" = protocol=6 | dir=in | app=d:\programme\filezilla\filezilla.exe | "{7713E16D-F990-42D9-B03E-BD04EAD48E01}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{77A3C293-4B4A-4F41-9054-6D4F21DC363A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{78DFF025-0C3D-478D-B2AA-58FFF1E5234D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{78F276DF-B868-40DB-B948-61E3F87EACAA}" = protocol=17 | dir=in | app=d:\programme\autodesk\backburner\manager.exe | "{7952FCA1-9244-4DDE-A91F-25922E0D9BC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7CA348FF-EB49-475F-9F40-6111D6238F33}" = 
dir=in | app=c:\program files\skype\phone\skype.exe | "{7D2A0A77-478B-4F0C-B7E0-5946DC4C6814}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7D9D6F91-4576-493D-A715-FF71FC739DA2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7E23EAD3-6DC4-482E-8643-E4E66FE02E4E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{825DD84F-606C-4A7D-B746-EE2CB88AA031}" = protocol=6 | dir=in | app=d:\programme\1&1\stcenter.exe | "{855EB251-72A8-46EE-950D-8F5FC6E832A5}" = protocol=17 | dir=in | app=d:\programme\1&1\fritzbox starter\fboxupd.exe | "{864C3650-DDB2-4EB7-BE92-737EAC2B4B38}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8959F137-4AF1-4503-A454-9ACCB07E11A6}" = protocol=17 | dir=in | app=d:\programme\1&1\fritzbox starter\webwaigd.exe | "{89753263-0157-49CD-B9BC-6AEE806AB451}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{89D976FD-B34F-456F-A3E9-E89CF1A7A0F1}" = protocol=6 | dir=in | app=d:\programme\utorrent\utorrent.exe | "{8B9923D0-C8F5-48B5-948F-5A3265CC2250}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8C3B1F01-4DE9-4FBD-9740-E52C4919C83F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8FBBA0DB-9F46-4AF7-A738-67A0226F1997}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{90A689EB-8DF8-4F22-9DCB-F45198CA9812}" = protocol=17 | dir=in | app=d:\programme\bittorrent\bittorrent.exe | "{93C4D56E-2987-44FC-A8E8-EA14E29B511B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{98A90B37-4D54-42B0-A6B2-A0D3E2740791}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{99D34560-B0AA-4CE9-B38D-E1DFC46D48CF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B92D41C-1BF4-485F-8125-09DC5E957B3E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{9C21C7DC-1C54-47ED-848B-DC2E748409BE}" = protocol=17 | dir=in | app=d:\programme\filezilla\filezilla.exe | "{9C438960-62AD-49EC-818E-5C5FCD64B5FB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9CEC1B7F-4383-4B0D-ACDA-CE94FF9FC46A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9D4407DD-A700-43B5-813B-D8D2ACABF541}" = protocol=17 | dir=in | app=c:\programme\bittorrent\bittorrent.exe | "{9E50F697-026F-453E-B4C2-4F7026A8664A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{9E528AD2-9156-4489-81AE-AAD84E808410}" = protocol=6 | dir=in | app=d:\programme\autodesk\backburner\manager.exe | "{9EB598E0-B65B-4759-A591-B52074421A1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A0540A9B-8B45-42C8-89C7-53860CB2878F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A456F757-2CFE-446E-9A77-1F61DF4CC65B}" = protocol=17 | dir=in | app=d:\programme\1&1\fritzbox starter\igdctrl.exe | "{A465EA1C-0989-4A19-BC66-EEC681A02477}" = protocol=6 | dir=in | app=d:\spiele\counter-strike source\srcds.exe | "{A6D8E346-BE49-49A5-9743-CC63EBD5EF46}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{A6FB1FE6-4DAC-4BB2-87BF-C3CAC5C38205}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A710254A-FA53-42CD-B4D8-01AC7E283093}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A734E395-1996-4363-9F29-AD58E0C10F24}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AA872664-A634-4689-9B22-6408F45EB446}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AAC376E4-8537-4957-AFF5-3A575765B337}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AB1BF075-2C9D-491F-A60C-4285C431212C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AB4DC42C-F9F1-449B-BAFA-4FB586F1A8D9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AED6CED3-36FD-48DB-8163-615B36C9DEB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B07962ED-FADA-4B09-AE07-70A0064E4858}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{B1F9981E-25AB-4B69-9DCC-9ABD9C2ADC2D}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\zero 
gear\zerogear.bat | "{B229A339-DAE2-4169-A62E-CDE69A706817}" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | "{B3375DA3-B7FA-4FB7-B173-A320453BBA69}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B687D59F-B432-4C15-B83A-C4C7FA2F6819}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B8B29AE3-5C60-44CE-A71C-F71874485919}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B947CC28-579E-4A7A-80E6-AC0E588AB4A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BC043D1D-8693-4159-B27D-DDD68B1C9A17}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BC0C45B3-ED55-4ED3-A291-0831ABAC4093}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BD0719E5-B16C-4797-BE9A-7987161CB1E5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{BD198D19-DB78-4647-827E-4C4BCD59A5CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BD228B77-FFC4-4890-8C33-4FDBD44B040A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BD74EEB2-38E4-4A2A-A520-07961093DC7A}" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | "{BD98BF3B-2E52-4537-A3F1-F010EAE60F9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BECA72B0-EEDE-4DFB-BB9D-688ECA2AC3C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C0639085-C41A-45DF-B1FB-97ACEEE790FC}" = protocol=17 | dir=in | app=d:\spiele\counter-strike source\hl2.exe | "{C224A213-B1AB-4333-9617-12321A413241}" = protocol=17 | dir=in | app=d:\programme\icq7.2\aolload.exe | "{C2A991BA-2F4A-426F-A2B7-AEDB1B15C06D}" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | "{C2D60313-C5DD-4F17-8966-94432CDC89FA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C30C77ED-B5C0-4BF2-84A8-B1ED65612A2A}" = protocol=17 | dir=in | app=d:\programme\microsoft office\office12\onenote.exe | "{C3581C22-5479-43ED-9FEB-2CDEF03478D4}" = protocol=17 | dir=in | app=d:\programme\icq7.2\icq.exe | "{C35D5A80-E88A-4F23-8CE0-A9D79A5CD5FD}" = protocol=17 | dir=in | 
app=d:\programme\steam\steamapps\common\zero gear\zerogear.bat | "{C6731956-3381-477B-B1AF-4BCF0D9D593C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C732E0E8-12C5-4A39-9240-95D8373621ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CAB4C3CB-9DE6-4AE1-97EE-BCE6372586C4}" = protocol=6 | dir=in | app=d:\programme\microsoft office\office12\onenote.exe | "{CB3CD3A6-3F6D-40EB-9954-6893AFFD0499}" = protocol=17 | dir=in | app=d:\programme\1&1\stcenter.exe | "{CBB4FF86-0DAE-4D1C-8F7C-F5C6D19FE4ED}" = protocol=6 | dir=in | app=d:\spiele\counter-strike source\cstrike.exe | "{CE44D0A6-7786-4303-BEAF-766D588D53E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CE8A53E3-AF52-4982-A562-E8478613FD87}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CEA9FB2D-4EFC-4F03-B8E3-C48C6D61DF8F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CF3E49A4-60CB-4758-A9A4-C872B7DD40F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D1DDB741-EFFC-4086-83A5-9222786F1A3C}" = protocol=17 | dir=in | app=d:\programme\autodesk\backburner\server.exe | "{D55EC51A-6602-4B29-A5FB-A7713F1BAF73}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{D61C4585-FED8-4A67-8083-90E333A05D16}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D89F279D-50EB-4738-83C8-9440BE04353C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DAB4F599-317E-4407-9EB2-25A3C50D38C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DABA43D0-5B34-4A24-BD16-28F87FF8EFCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DDA12EC4-7D4A-40F0-A28B-1F4B7980E631}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DDEDA70D-8E1A-43E2-808A-0D27833EAC5C}" = protocol=6 | dir=in | app=d:\programme\autodesk\backburner\monitor.exe | "{DE47C599-AB11-4D92-9216-03F122634DF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DEB1D165-59D7-4F03-9742-25CA14EBBE7D}" = protocol=6 | dir=in | 
app=d:\programme\icq7.2\icq.exe | "{DEB6EF50-8713-401D-AAC1-728DE22124EB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DEEE278A-2CFC-4724-9F2C-EEA1A3ADA258}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E095BA93-5788-486F-A276-0C207C63A01C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E18D5FA4-EBAD-4ADC-A7EB-E1134CB065EC}" = protocol=17 | dir=in | app=d:\spiele\counter-strike source\srcds.exe | "{E33EF6B2-4AF4-4C0F-8BDA-05A3180AA342}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E3F87EAD-E77E-4BFC-A3A0-6A1C2BB1DC54}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E418F4B8-CCDD-47C5-A154-0D87DAFD0EF8}" = protocol=6 | dir=in | app=c:\programme\bittorrent\bittorrent.exe | "{E58D8153-B209-41A3-A011-0B2658633F29}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E6DBA6D7-1C6A-4961-AAEB-32834EEC944B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E7BDAE8A-E278-4C6E-BA2D-2467981093AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E8201234-076F-415A-8F8C-B9BD45362AFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EDE8AB35-A494-4901-8CB4-C1DBC5A2D2D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EEF62E3E-ADCD-4094-9491-F3F012E19895}" = protocol=6 | dir=in | app=d:\programme\icq7.2\icq.exe | "{F2143FDC-908A-46D4-A67E-FD24D6F2186D}" = protocol=17 | dir=in | app=d:\programme\autodesk\backburner\monitor.exe | "{F2E43C57-4D79-44CD-B5C7-1E6428E8B156}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F437533F-3CDD-4315-AE14-44DEB68ADD1E}" = protocol=6 | dir=in | app=d:\programme\autodesk\backburner\server.exe | "{F66F5577-3E91-4050-851F-F6F48839FED4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F7C71B22-6DAB-4635-8C59-C43962C5C2A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FA3C1E46-E50D-4C4F-B265-9FC4AD4B27BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FAA165F3-9145-4824-B83A-93ED53B46D96}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{FAF7B3CA-C645-4920-B2AB-720066E5B9E0}" = protocol=17 | dir=in | app=c:\programme\bittorrent\bittorrent.exe | "{FB03256F-0852-4D22-A2FB-AD6D710E4D7E}" = protocol=6 | dir=in | app=d:\spiele\counter-strike source\hl2.exe | "{FB4D9482-C36F-4FA0-A095-97176565D120}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FC160D3A-9AF5-4A3D-B1B9-B16316F678E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FFDB3D1A-8074-41D6-87F9-A9787EE31308}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FFE751BD-8475-4BF4-BC3E-C1A4F98E2B78}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{062FDBED-1F26-4E4F-BB98-DE1BBA8E992B}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | "TCP Query User{09D0BCD4-54F0-4EA8-8556-CC46856E7348}D:\programme\caplio software\rgatelxp.exe" = protocol=6 | dir=in | app=d:\programme\caplio software\rgatelxp.exe | "TCP Query User{0A1E465C-6710-4066-895A-0C836AA510B5}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{11CD21A2-800E-4256-95E5-3C7960F472FE}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe | "TCP Query User{11FEB703-B66F-407B-BF12-7D1BA4CC198E}D:\neu\games\delta force black hawk down\delta force black hawk down\update.exe" = protocol=6 | dir=in | app=d:\neu\games\delta force black hawk down\delta force black hawk down\update.exe | "TCP Query User{1238918A-0992-417A-AD82-433F2D0CD9E4}D:\programme\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\programme\mozilla firefox\firefox.exe | "TCP Query User{1342F092-7125-4CD8-934D-58714EFC2FE4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{1B3C3E4D-EA11-47B6-A3F6-8277148F6B24}D:\programme\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=d:\programme\bittorrent\bittorrent.exe | "TCP Query 
User{1BB2A92C-0F15-484A-8739-D40F2E6F06B5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{1D7DC569-5E5B-461B-AB30-E4F77462B920}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{1ECA817C-4877-4801-B5D3-F2A6A17885D6}C:\users\***\desktop\eclipse-java-europa-winter-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\eclipse-java-europa-winter-win32\eclipse\eclipse.exe | "TCP Query User{2491AB7F-2F0E-442F-88C6-4B7D7A7A662E}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{2AD8110B-34F0-41FC-90A4-C0853CC25E66}D:\programme\real player\realplay.exe" = protocol=6 | dir=in | app=d:\programme\real player\realplay.exe | "TCP Query User{2C8B8978-AB46-4CD4-A43D-97AA905C408A}D:\programme\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\adv\sopadver.exe | "TCP Query User{3330FF47-6837-487C-BC36-D27526E8C0D1}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "TCP Query User{3CD84560-B694-4119-8C7F-2BA43F9994F1}D:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\programme\trillian\trillian.exe | "TCP Query User{3EA6CA37-B02B-4C5F-8365-752EBBC3203A}D:\programme\caplio software\rgatelxp.exe" = protocol=6 | dir=in | app=d:\programme\caplio software\rgatelxp.exe | "TCP Query User{3F2F7F5F-853E-4E7E-BF84-43619B4E0F8B}D:\programme\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\adv\sopadver.exe | "TCP Query User{40059AC5-94C4-444C-AB0E-B4031DF7C243}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query 
User{40BCD606-CAE1-4340-BEC4-7469F7F44DF1}C:\users\***\desktop\sc_serv.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\sc_serv.exe | "TCP Query User{4DDE9782-06AE-46D7-BF08-4BAED7EC79F9}D:\programme\steam\steamapps\common\zero gear\server\zerogearserver.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\zero gear\server\zerogearserver.exe | "TCP Query User{55253AE0-B949-4BD7-96DC-E8F8731BF027}D:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6\icq.exe | "TCP Query User{558F757C-847B-4A77-B20A-A0F57AA4EF52}D:\programme\nero 9\nero 9\nero showtime\showtime.exe" = protocol=6 | dir=in | app=d:\programme\nero 9\nero 9\nero showtime\showtime.exe | "TCP Query User{5B35E8A1-BACB-4EBD-ABCA-8371615E6087}D:\programme\soulseek\slsk.exe" = protocol=6 | dir=in | app=d:\programme\soulseek\slsk.exe | "TCP Query User{62FE8A37-69D7-4A07-919E-4E8A2D971139}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{656D5200-B9C3-4158-8D6B-9CC33A09F6A7}D:\programme\caplio software\capftpd.exe" = protocol=6 | dir=in | app=d:\programme\caplio software\capftpd.exe | "TCP Query User{680CCDFA-8153-4FD3-97FD-FB6054EBB869}D:\programme\zattoo\zattood.exe" = protocol=6 | dir=in | app=d:\programme\zattoo\zattood.exe | "TCP Query User{725BC036-5831-46D9-942F-0905F8312110}D:\programme\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\programme\mozilla firefox\firefox.exe | "TCP Query User{725E4C15-6377-42FA-A792-721D91FAF9FE}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{81473311-64F0-498D-B85D-E8BF7DF602AB}D:\spiele\sunshine beach volleyball\game.exe" = protocol=6 | dir=in | app=d:\spiele\sunshine beach volleyball\game.exe | "TCP Query User{818F38B3-C10E-4332-8CC6-39D656BCF640}D:\programme\tvants\tvants.exe" = protocol=6 | dir=in | app=d:\programme\tvants\tvants.exe | "TCP Query 
User{927C0811-13C0-4131-A5E3-7B4D8C22E993}D:\programme\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=d:\programme\streamtorrent 1.0\streamtorrent.exe | "TCP Query User{9B5342FC-6D8F-4F8A-9AD2-07EA02C16B50}D:\programme\zattoo\zattoo.exe" = protocol=6 | dir=in | app=d:\programme\zattoo\zattoo.exe | "TCP Query User{A9BE748C-5544-4B75-AB37-94A547638E1B}D:\programme\autodesk\maya 8.5\bin\maya.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\maya 8.5\bin\maya.exe | "TCP Query User{AB195F88-D997-4752-857B-7FD7DB832A72}D:\programme\tvants\tvants.exe" = protocol=6 | dir=in | app=d:\programme\tvants\tvants.exe | "TCP Query User{B61054B7-395A-47CA-9D01-448DC62626E7}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "TCP Query User{B67C058E-AC60-4150-BF35-EBC4F8996A6B}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | "TCP Query User{BE265231-9994-4C85-BACC-05901DD3B5FD}D:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq6.5\icq.exe | "TCP Query User{C033086C-3CAB-4D45-A19C-4EE2BA129F96}D:\programme\utorrent\utorrent.exe" = protocol=6 | dir=in | app=d:\programme\utorrent\utorrent.exe | "TCP Query User{C788A97B-DFF4-4586-998C-6A8BCBCEC983}D:\programme\autodesk\maya 8.5\bin\maya.exe" = protocol=6 | dir=in | app=d:\programme\autodesk\maya 8.5\bin\maya.exe | "TCP Query User{CC5F6002-C144-42B4-88CA-2C347EB7ACAD}D:\programme\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=d:\programme\adobe\adobe flash builder 4\flashbuilder.exe | "TCP Query User{D1631432-050A-498C-9D0B-618EEC3D1B53}D:\programme\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=d:\programme\streamtorrent 1.0\streamtorrent.exe | "TCP Query User{D2106970-AD00-4E85-8AA2-2479FB683940}D:\programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=d:\programme\sopcast\sopcast.exe | "TCP Query User{E0F17801-A7E7-443F-86E4-6E84AD89A98F}C:\windows\explorer.exe" = 
protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{E4E4C2BE-9072-456C-A9BD-428C1F5F82FE}D:\programme\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=d:\programme\adobe\adobe flash builder 4\flashbuilder.exe | "TCP Query User{E61848CE-311B-43B3-857A-671463BCF187}D:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\programme\trillian\trillian.exe | "TCP Query User{EB0F2D9A-5BF4-4145-A487-47E1C2BD6A3D}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{EFD9BBA9-9F9B-431D-AC21-9B00FE895EE2}D:\programme\zattoo\zattood.exe" = protocol=6 | dir=in | app=d:\programme\zattoo\zattood.exe | "TCP Query User{F0327EFC-2906-4CBC-A5C0-FE7A50465F39}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "UDP Query User{004D92D4-1935-49C2-96E4-360C73FB682E}D:\programme\caplio software\rgatelxp.exe" = protocol=17 | dir=in | app=d:\programme\caplio software\rgatelxp.exe | "UDP Query User{04BA0D02-A19A-41A2-A930-7B365D9BB699}D:\programme\tvants\tvants.exe" = protocol=17 | dir=in | app=d:\programme\tvants\tvants.exe | "UDP Query User{0D4EDBDC-4323-46C2-B9C9-8537A4253DA0}D:\programme\real player\realplay.exe" = protocol=17 | dir=in | app=d:\programme\real player\realplay.exe | "UDP Query User{13CDDBE7-EABE-46FE-ABBC-CE8070A15BBF}D:\programme\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=d:\programme\bittorrent\bittorrent.exe | "UDP Query User{1CE4518B-B4D5-4736-BF52-F1E43343524B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2803B631-731D-47D0-ACFC-1B0EECA4897A}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | "UDP Query User{3054E418-8BD0-4746-B082-390D6E705CBC}C:\users\***\desktop\eclipse-java-europa-winter-win32\eclipse\eclipse.exe" = protocol=17 
| dir=in | app=c:\users\***\desktop\eclipse-java-europa-winter-win32\eclipse\eclipse.exe | "UDP Query User{381D7935-361B-4B89-BFDB-368AE473F2F2}D:\programme\autodesk\maya 8.5\bin\maya.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\maya 8.5\bin\maya.exe | "UDP Query User{3884E2D1-A017-4C02-9E1C-B8FCA5F174F7}D:\programme\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\programme\mozilla firefox\firefox.exe | "UDP Query User{3FD412D2-449A-45F6-85CE-2A57893F241A}D:\programme\steam\steamapps\common\zero gear\server\zerogearserver.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\zero gear\server\zerogearserver.exe | "UDP Query User{45169157-A112-4AF1-8D38-1D55E7BE540A}D:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6.5\icq.exe | "UDP Query User{4CD92BAA-CBF9-44CB-9A6B-332BA98C769F}D:\programme\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=d:\programme\adobe\adobe flash builder 4\flashbuilder.exe | "UDP Query User{5C1361B8-D0B9-4C40-B563-5928F3A7BA19}D:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\programme\trillian\trillian.exe | "UDP Query User{5E60CF11-060C-45CA-84C2-45FB5668457E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{6467878D-A914-4D19-8D2B-238B4F0BFAA2}D:\programme\autodesk\maya 8.5\bin\maya.exe" = protocol=17 | dir=in | app=d:\programme\autodesk\maya 8.5\bin\maya.exe | "UDP Query User{66461ADA-EE18-4C12-AF69-2FCC118A8780}D:\programme\zattoo\zattood.exe" = protocol=17 | dir=in | app=d:\programme\zattoo\zattood.exe | "UDP Query User{6DC1B7D0-C5F2-495C-AA3A-DCB8C878CE99}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{72DC4E15-31CB-410F-9BB8-2DB812EC9E3B}D:\programme\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | 
app=d:\programme\adobe\adobe flash builder 4\flashbuilder.exe | "UDP Query User{7737C847-2CB3-4C73-8D87-406D48F7FCBB}D:\programme\soulseek\slsk.exe" = protocol=17 | dir=in | app=d:\programme\soulseek\slsk.exe | "UDP Query User{7B8B625C-091A-4D64-A5CB-982E7A7A62C8}D:\neu\games\delta force black hawk down\delta force black hawk down\update.exe" = protocol=17 | dir=in | app=d:\neu\games\delta force black hawk down\delta force black hawk down\update.exe | "UDP Query User{7FB47D8E-D117-4CE2-9388-74CEF0A4D7D3}D:\programme\utorrent\utorrent.exe" = protocol=17 | dir=in | app=d:\programme\utorrent\utorrent.exe | "UDP Query User{8328CB8D-9074-475B-9C1A-E289FD91089F}D:\programme\zattoo\zattoo.exe" = protocol=17 | dir=in | app=d:\programme\zattoo\zattoo.exe | "UDP Query User{8BF5A1DC-D500-4099-A034-8209CDC1C275}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "UDP Query User{8DCA9E78-60AF-4EC8-9BD5-F297F79E7C60}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{90812D39-88AC-43E4-86AF-736EC3B93105}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe | "UDP Query User{90F63AA7-DF59-4370-89C2-27BAD5F63744}D:\spiele\sunshine beach volleyball\game.exe" = protocol=17 | dir=in | app=d:\spiele\sunshine beach volleyball\game.exe | "UDP Query User{91D7BA70-ECAB-4201-ACB5-84871D7C0CAD}D:\programme\caplio software\rgatelxp.exe" = protocol=17 | dir=in | app=d:\programme\caplio software\rgatelxp.exe | "UDP Query User{91F185A4-E46D-4D1B-8E92-187813F7E4C8}D:\programme\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\adv\sopadver.exe | "UDP Query User{9660D796-C8A3-4307-8D8D-C604F1BAA9BC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{9B98DD64-79F7-49D7-9291-984A8E895867}D:\programme\tvants\tvants.exe" = protocol=17 | dir=in | app=d:\programme\tvants\tvants.exe | "UDP Query 
User{A95911EA-F97F-4A5D-94B3-12984F70B29D}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{AB6D5767-C921-482F-891F-84FE960F2AE4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{B29F631E-7213-4BF4-8E4F-F260AD115FD7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{C7F2EAB9-4565-41AE-ABFE-66FDD4887A09}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{C8D1D6BC-FCFE-4100-93EB-26FCB5E7E334}C:\users\***\desktop\sc_serv.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\sc_serv.exe | "UDP Query User{CC9E7710-4F28-414D-A04E-F77EAC93A383}D:\programme\zattoo\zattood.exe" = protocol=17 | dir=in | app=d:\programme\zattoo\zattood.exe | "UDP Query User{D0AC2AB9-BD92-4B67-88B5-734BBA18EBC4}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | "UDP Query User{D24E4FD2-D66E-45A6-A5AA-9A8293D01065}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{D3300E00-685F-45D6-B92F-B46F7484945C}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{DA9E529A-AB2E-4FD8-B005-7C54EF1EB3FF}D:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq6\icq.exe | "UDP Query User{DFB170B4-73DC-430A-8116-3F4E364DC1A9}D:\programme\nero 9\nero 9\nero showtime\showtime.exe" = protocol=17 | dir=in | app=d:\programme\nero 9\nero 9\nero showtime\showtime.exe | "UDP Query User{E0B4107B-3762-45E4-811D-69887B9F4C1D}D:\programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\sopcast.exe | "UDP Query User{E0F5AD52-310E-43CB-816C-8A1944D9A7D7}D:\programme\mozilla firefox\firefox.exe" = protocol=17 | dir=in | 
app=d:\programme\mozilla firefox\firefox.exe | "UDP Query User{EBE24107-F65E-44C0-9AA8-29F17A63C96F}D:\programme\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=d:\programme\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{F1497FF7-2B6C-48E2-94E8-E4F26816C211}D:\programme\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=d:\programme\sopcast\adv\sopadver.exe | "UDP Query User{F2913BE9-64E0-48FF-91AE-7EC184816E6B}D:\programme\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=d:\programme\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{F2B9C76F-C201-400F-A8CA-D71CA972DB7B}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "UDP Query User{FBC8A85E-3624-4542-9260-67A5AD8756B7}D:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\programme\trillian\trillian.exe | "UDP Query User{FC8F05CA-E9AB-4274-9DED-743683B166C6}D:\programme\caplio software\capftpd.exe" = protocol=17 | dir=in | app=d:\programme\caplio software\capftpd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler 
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0 "{0B56244C-7B61-0407-A739-3E29DDE4DC3C}" = Bluerock Technologies Flight Studio 3ds Max 2009 32-bit "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{177E1CA1-14CC-4398-AB15-A5746EFE8F22}" = Adobe Flash Builder 4 "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin "{1EA56FAA-6CA2-4DDB-9FFD-62755076396E}" = Falk Navi-Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B3FD5B-A987-406B-A5B5-CDE3CA1EF4E1}" = Adobe Flash Player 10 ActiveX "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite 
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help "{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter "{4F121350-54E4-4348-BA9F-5A7836EF4CCB}" = Falk Navi-Manager "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0 "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59F6A514-9813-47A3-948C-8A155460CC2A}" = 
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33 "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5AFEABF5-7411-4C29-9FA9-71ABE880662D}" = Nokia PC Suite "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{744A5C19-AA4C-0407-BC07-9F4C73C8B247}" = Autodesk 3ds Max 2009 32-Bit Vault 2009 Plug-In "{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.3.190 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77C1B8D7-1283-48A4-BD79-79FA37064A13}" = Lenovo Fingerprint Software "{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}" = Turbo Squid Tentacles 3ds Max 2009 32-bit 
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7B63B2922B174135AFC0E1377DD81EC2}" = "{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch 
"{AC76BA86-1033-F400-7761-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708 "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite "{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{c4d6eb46-9401-40f3-8f49-d7122a8e8f3d}" = Nero 9 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC9654D2-A845-4439-9C41-8FBDE74646E1}" = Falk Navi-Manager "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{DFE506AB-DDEA-4C94-BDE0-C26F4B21C71A}" = Falk Navi-Manager 
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software "{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup "{EFCBBB01-F876-0407-B91F-7B6132E8BB64}" = Autodesk 3ds Max 2009 32-Bit Vault 2008 Plug-In "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5 "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 9.16 beta "Absolute Audio Converter_is1" = Absolute Audio Converter 4.1 "Adobe AIR" = Adobe AIR "Adobe Audition 3.0" = Adobe Audition 3.0 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = 
Adobe Shockwave Player 11.5 "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional "Allok Video Joiner_is1" = Allok Video Joiner 4.0.1019 "ASIO4ALL" = ASIO4ALL "a-squared Free_is1" = a-squared Free 4.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVS Video Converter 4.3_is1" = AVS Video Converter 4.3.1.371 "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CPU-Control_is1" = CPU-Control "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1) "ENTERPRISE" = Microsoft Office Enterprise 2007 "FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009 "FileZilla Client" = FileZilla Client 3.3.5.1 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPOCR" = HP OCR Software 8.0 "ID3-TagIT 3_is1" = ID3-TagIT 3 "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch 
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "IrfanView" = IrfanView (remove only) "LENOVO.SMIIF" = Lenovo System Interface Driver "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Screenshare D" = MAGIX Screenshare "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaCoder" = MediaCoder 0.7.2.4582 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Monopoly Deluxe" = Monopoly Deluxe "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Nakido" = Nakido "Nokia Ovi Suite" = Nokia Ovi Suite "Nokia PC Suite" = Nokia PC Suite "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "ObjectDock" = ObjectDock "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "OpenAL" = OpenAL "PDF Splitter and Merger 3.0" = PDF Splitter and Merger 3.0 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PSPad editor_is1" = PSPad editor "PunkBusterSvc" = PunkBuster Services "Rainbow Sentinel Driver" = Sentinel System Driver "RapidShare Manager" = RapidShare Manager "RealPlayer 
6.0" = RealPlayer "RolandRDID0021" = EDIROL UA-20 Driver "SADK" = Die Siedler - Aufbruch der Kulturen "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only) "SopCast" = SopCast 3.0.3 "Soulseek2" = SoulSeek 157 NS 13c "StreamTorrent 1.0" = StreamTorrent 1.0 "SystemRequirementsLab" = System Requirements Lab "Systweak CacheBoost_is1" = Systweak CacheBoost "TOPSIM - Marketing Participant" = TOPSIM - Marketing Participant "Trillian" = Trillian "Tunatic" = Tunatic "TVAnts 1.0" = TVAnts 1.0 "TweakNow RegCleaner Professional_is1" = TweakNow RegCleaner Professional "Ultra Video Splitter_is1" = Ultra Video Splitter 5.2.1126 "UltraISO_is1" = UltraISO Premium V9.35 "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.18 "VexcastPlayer2.0" = VexcastPlayer2.0 "VLC media player" = VLC media player 1.1.4 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "Vuze" = Vuze "Winamp" = Winamp "WinRAR archiver" = WinRAR "WinX HD Video Converter_is1" = WinX Video Converter 4.0 "Xilisoft HD Video Converter" = Xilisoft HD Video Converter "Xilisoft Video Converter Standard" = Xilisoft Video Converter Standard "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "0699682b1bbef526" = ContainerEx Decrypter "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "tc09-DE_SEVENONE_MAIN" = Big Pizza Mountainbike Challenge 09 (SevenOne) "uTorrent" = µTorrent "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.03.2010 23:45:35 | Computer Name = diagnose | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 11.03.2010 23:45:35 | Computer Name = diagnose | Source = 
Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.03.2010 07:00:42 | Computer Name = diagnose | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.03.2010 07:00:42 | Computer Name = diagnose | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.03.2010 07:28:54 | Computer Name = diagnose | Source = System Restore | ID = 8193 Description = Error - 12.03.2010 20:34:56 | Computer Name = diagnose | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 12.03.2010 20:34:56 | Computer Name = diagnose | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.03.2010 12:59:14 | Computer Name = diagnose | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.03.2010 12:59:14 | Computer Name = diagnose | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13.03.2010 17:09:22 | Computer Name = diagnose | Source = System Restore | ID = 8193 Description = [ OSession Events ] Error - 20.07.2009 02:51:52 | Computer Name = diagnose | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6772 seconds with 360 seconds of active time. This session ended with a crash. Error - 12.10.2009 09:43:48 | Computer Name = diagnose | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5107 seconds with 1980 seconds of active time. This session ended with a crash. 
[ System Events ]
Error - 28.11.2010 09:20:06 | Computer Name = diagnose | Source = bowser | ID = 8003 Description =
Error - 28.11.2010 09:20:21 | Computer Name = diagnose | Source = DCOM | ID = 10010 Description =
Error - 28.11.2010 09:21:04 | Computer Name = diagnose | Source = Service Control Manager | ID = 7009 Description =
Error - 28.11.2010 09:33:01 | Computer Name = diagnose | Source = Service Control Manager | ID = 7000 Description =
Error - 28.11.2010 09:33:01 | Computer Name = diagnose | Source = Service Control Manager | ID = 7000 Description =
Error - 28.11.2010 10:36:45 | Computer Name = diagnose | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.
Error - 28.11.2010 10:36:45 | Computer Name = diagnose | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.
Error - 28.11.2010 10:38:37 | Computer Name = diagnose | Source = Service Control Manager | ID = 7031 Description =
Error - 28.11.2010 11:52:40 | Computer Name = diagnose | Source = Service Control Manager | ID = 7000 Description =
Error - 28.11.2010 11:52:40 | Computer Name = diagnose | Source = Service Control Manager | ID = 7000 Description =
< End of report >

So here, in addition, is the OTL log file with the custom scans / fixes: Code:
ATTFilter All processes killed ========== OTL ========== Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Dlewasiwitaf not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yvacudegem not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb1e-bff0-11df-8fda-ead1da458fdb}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb34-bff0-11df-8fda-ead1da458fdb}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb42-bff0-11df-8fda-ead1da458fdb}\ not found. File G:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb9d-bff0-11df-8fda-916dece71713}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb9d-bff0-11df-8fda-916dece71713}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfb9d-bff0-11df-8fda-916dece71713}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfb9d-bff0-11df-8fda-916dece71713}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfbb1-bff0-11df-8fda-916dece71713}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfbb1-bff0-11df-8fda-916dece71713}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddabfbb1-bff0-11df-8fda-916dece71713}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddabfbb1-bff0-11df-8fda-916dece71713}\ not found. File F:\AutoRun.exe not found. Folder C:\Users\Fritz\AppData\Local\{70EE213A-F41A-4BA8-9682-2FFDFCC15149}\ not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 189300901 bytes ->Temporary Internet Files folder emptied: 249428390 bytes ->Java cache emptied: 33836976 bytes ->FireFox cache emptied: 96995881 bytes ->Flash cache emptied: 728894 bytes User: Privat User: Public User: TEMP(1) ->Temp folder emptied: 32575 bytes ->FireFox cache emptied: 9541280 bytes ->Flash cache emptied: 564 bytes User: TEMP(64) %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 401408 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 643441524 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 185853 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 320 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.167,00 mb OTL by OldTimer - Version 3.2.17.3 log created on 11282010_171949 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
28.11.2010, 17:40 | #2 |
| SecurityTool removed, but unsure whether it is really gone ...Continuation...
And since it also mentioned something about the MBR tool, here is that log file as well: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Business Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: LENOVO BIOS Manufacturer: LENOVO System Manufacturer: LENOVO System Product Name: 0769AH8 Logical Drives Mask: 0x0000003c Kernel Drivers (total 167): 0x82C05000 \SystemRoot\system32\ntoskrnl.exe 0x82FB0000 \SystemRoot\system32\hal.dll 0x8AC05000 \SystemRoot\system32\kdcom.dll 0x8AC0C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8AC7C000 \SystemRoot\system32\PSHED.dll 0x8AC8D000 \SystemRoot\system32\BOOTVID.dll 0x8AC95000 \SystemRoot\system32\CLFS.SYS 0x8ACD6000 \SystemRoot\system32\CI.dll 0x8ADB6000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8AE27000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8AE35000 \SystemRoot\System32\Drivers\sprp.sys 0x8AF35000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8AF3E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x8AF64000 \SystemRoot\system32\drivers\acpi.sys 0x8AFAA000 \SystemRoot\system32\drivers\msisadrv.sys 0x8AFB2000 \SystemRoot\system32\drivers\pci.sys 0x8AFD9000 \SystemRoot\System32\drivers\partmgr.sys 0x8AFE8000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8AFEB000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8B007000 \SystemRoot\system32\drivers\volmgr.sys 0x8B016000 \SystemRoot\System32\drivers\volmgrx.sys 0x8B060000 \SystemRoot\system32\drivers\intelide.sys 0x8B067000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8B075000 \SystemRoot\System32\drivers\mountmgr.sys 0x8B085000 \SystemRoot\system32\drivers\atapi.sys 0x8B08D000 \SystemRoot\system32\drivers\ataport.SYS 0x8B0AB000 \SystemRoot\system32\drivers\msahci.sys 0x8B0B5000 \SystemRoot\system32\drivers\fltmgr.sys 0x8B0E7000 \SystemRoot\system32\drivers\fileinfo.sys 0x8B0F7000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B168000 \SystemRoot\system32\drivers\ndis.sys 0x8B273000 \SystemRoot\system32\drivers\msrpc.sys 0x8B29E000 \SystemRoot\system32\drivers\NETIO.SYS 0x8B2D9000 
\SystemRoot\System32\drivers\tcpip.sys 0x8B3C3000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B40D000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B51D000 \SystemRoot\system32\drivers\volsnap.sys 0x8B556000 \SystemRoot\System32\Drivers\spldr.sys 0x8B55E000 \SystemRoot\system32\DRIVERS\snapman.sys 0x8B579000 \SystemRoot\System32\Drivers\mup.sys 0x8B588000 \SystemRoot\System32\drivers\ecache.sys 0x8B5AF000 \SystemRoot\system32\drivers\disk.sys 0x8B5C0000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8B5E1000 \SystemRoot\system32\drivers\crcdisk.sys 0x8B60C000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8B617000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8B620000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8B62F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x8F403000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8FB35000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8FBD6000 \SystemRoot\System32\drivers\watchdog.sys 0x8FBE2000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8B638000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8FBED000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8B676000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8FC0B000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x9001E000 \SystemRoot\system32\DRIVERS\b57nd60x.sys 0x9004D000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x9005D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x9006B000 \SystemRoot\system32\DRIVERS\sdbus.sys 0x90085000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0x90094000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0x900A8000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0x900F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x900FD000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x90110000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x9011B000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x90126000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x9013E000 \SystemRoot\System32\Drivers\amtb54z6.SYS 0x90175000 \SystemRoot\system32\DRIVERS\dne2000.sys 0x90193000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x901C2000 
\SystemRoot\system32\DRIVERS\storport.sys 0x90203000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x9020E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x90225000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x90230000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x90253000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x90262000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x90276000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x9028B000 \SystemRoot\System32\Drivers\pcouffin.sys 0x90297000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0x90320000 \SystemRoot\system32\DRIVERS\termdd.sys 0x90330000 \SystemRoot\system32\DRIVERS\swenum.sys 0x90332000 \SystemRoot\system32\DRIVERS\ks.sys 0x9035C000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x90366000 \SystemRoot\system32\DRIVERS\umbus.sys 0x90373000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x903A8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x903B9000 \SystemRoot\system32\drivers\HdAudio.sys 0x8B703000 \SystemRoot\system32\drivers\portcls.sys 0x8B730000 \SystemRoot\system32\drivers\drmk.sys 0x90C07000 \SystemRoot\system32\DRIVERS\AGRSM.sys 0x90D02000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x90D04000 \SystemRoot\system32\drivers\modem.sys 0x90D11000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x90D1A000 \SystemRoot\System32\Drivers\Null.SYS 0x90D21000 \SystemRoot\System32\Drivers\Beep.SYS 0x90D31000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x90D38000 \SystemRoot\System32\drivers\vga.sys 0x90D44000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x90D65000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x90D6D000 \SystemRoot\system32\drivers\rdpencdd.sys 0x90D75000 \SystemRoot\System32\Drivers\Msfs.SYS 0x90D80000 \SystemRoot\System32\Drivers\Npfs.SYS 0x90D8E000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x90D97000 \SystemRoot\system32\DRIVERS\tdx.sys 0x90DAD000 \SystemRoot\system32\DRIVERS\smb.sys 0x90DC1000 \SystemRoot\system32\drivers\afd.sys 0x90E09000 \SystemRoot\System32\DRIVERS\netbt.sys 0x90E3B000 \SystemRoot\system32\DRIVERS\pacer.sys 0x90E51000 
\SystemRoot\system32\DRIVERS\netbios.sys 0x90E5F000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x90E72000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x90E78000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x90EB4000 \SystemRoot\system32\drivers\nsiproxy.sys 0x90EBE000 \SystemRoot\system32\DRIVERS\smiif32.sys 0x90EC0000 \SystemRoot\system32\drivers\csc.sys 0x90F1B000 \SystemRoot\System32\Drivers\dfsc.sys 0x90F32000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x90F55000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x90F6C000 \SystemRoot\System32\Drivers\usbvideo.sys 0x90F8D000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys 0x90FB0000 \SystemRoot\System32\Drivers\crashdmp.sys 0x90FBD000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x90FC8000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x90FD2000 \SystemRoot\System32\Drivers\BTHUSB.sys 0x8B755000 \SystemRoot\System32\Drivers\bthport.sys 0x8B7D5000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0x90FDF000 \SystemRoot\system32\DRIVERS\BthEnum.sys 0x8B5EA000 \SystemRoot\system32\DRIVERS\bthpan.sys 0x9A000000 \SystemRoot\System32\win32k.sys 0x90FE9000 \SystemRoot\System32\drivers\Dxapi.sys 0x8B3DE000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9A220000 \SystemRoot\System32\TSDDD.dll 0x9A240000 \SystemRoot\System32\cdd.dll 0x9A250000 \SystemRoot\System32\ATMFD.DLL 0x9E009000 \SystemRoot\system32\drivers\luafv.sys 0x9E024000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x9E039000 \SystemRoot\system32\drivers\WudfPf.sys 0x9E05B000 \SystemRoot\system32\drivers\spsys.sys 0x9E10B000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x9E11B000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9E145000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9E14F000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9E162000 \SystemRoot\system32\drivers\HTTP.sys 0x9E1CF000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9E1EC000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9E205000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9E21A000 \SystemRoot\system32\drivers\mrxdav.sys 0x9E23B000 
\SystemRoot\system32\DRIVERS\mrxsmb.sys 0x9E25A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9E293000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9E2AB000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9E2D3000 \SystemRoot\System32\DRIVERS\srv.sys 0x9E339000 \SystemRoot\System32\Drivers\SENTINEL.SYS 0x9E34B000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x9E354000 \??\C:\Windows\system32\drivers\acedrv11.sys 0x9E380000 \SystemRoot\System32\Drivers\adfs.SYS 0xA1C0C000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys 0xA1C9C000 \??\C:\Windows\system32\drivers\hardlock.sys 0xA1D44000 \SystemRoot\System32\Drivers\fastfat.SYS 0xA1D6C000 \SystemRoot\system32\drivers\peauth.sys 0xA1E4A000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA1E54000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA1E60000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x77500000 \Windows\System32\ntdll.dll 0x10000000 \Programme\DAEMON Tools Lite\daemon.dll Processes (total 63): 0 System Idle Process 4 System 496 C:\Windows\System32\smss.exe 568 csrss.exe 620 C:\Windows\System32\wininit.exe 628 csrss.exe 664 C:\Windows\System32\services.exe 692 C:\Windows\System32\winlogon.exe 720 C:\Windows\System32\lsass.exe 728 C:\Windows\System32\lsm.exe 864 C:\Windows\System32\svchost.exe 932 C:\Windows\System32\nvvsvc.exe 960 C:\Windows\System32\svchost.exe 1004 C:\Windows\System32\svchost.exe 1084 C:\Windows\System32\svchost.exe 1148 C:\Windows\System32\svchost.exe 1180 C:\Windows\System32\svchost.exe 1272 C:\Windows\System32\audiodg.exe 1304 C:\Windows\System32\svchost.exe 1348 C:\Windows\System32\SLsvc.exe 1388 C:\Windows\System32\svchost.exe 1436 C:\Windows\System32\rundll32.exe 1624 C:\Windows\System32\svchost.exe 1828 C:\Windows\System32\spoolsv.exe 1864 D:\Programme\Avira\AntiVir Desktop\sched.exe 1876 C:\Windows\System32\svchost.exe 400 D:\Programme\a-squared Free\a2service.exe 508 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe 556 D:\Programme\Avira\AntiVir Desktop\avguard.exe 1552 C:\Windows\System32\svchost.exe 
1672 D:\Programme\Avira\AntiVir Desktop\avshadow.exe 2088 C:\Windows\System32\svchost.exe 2100 D:\Programme\1&1\FritzBox Starter\IGDCTRL.EXE 2156 C:\Windows\System32\svchost.exe 2184 C:\Windows\System32\svchost.exe 2208 C:\Windows\System32\svchost.exe 2228 C:\Windows\System32\svchost.exe 2364 C:\Windows\System32\svchost.exe 2444 C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe 2980 C:\Windows\System32\dwm.exe 3012 C:\Windows\System32\taskeng.exe 3040 C:\Windows\explorer.exe 3152 C:\Windows\System32\taskeng.exe 3348 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe 3356 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe 3364 C:\Windows\WindowsMobile\wmdSync.exe 3380 C:\Windows\System32\rundll32.exe 3400 D:\Programme\Avira\AntiVir Desktop\avgnt.exe 3428 C:\Program Files\Windows Sidebar\sidebar.exe 3440 D:\Programme\ObjectDock\ObjectDock.exe 3740 C:\Windows\System32\svchost.exe 4080 C:\Windows\System32\wbem\unsecapp.exe 2252 WmiPrvSE.exe 2764 C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe 3104 C:\Program Files\Windows Sidebar\sidebar.exe 3324 C:\Program Files\Internet Explorer\iexplore.exe 3256 C:\Program Files\Internet Explorer\iexplore.exe 888 C:\Program Files\Internet Explorer\iexplore.exe 2964 C:\Windows\servicing\TrustedInstaller.exe 1448 C:\Windows\System32\wbem\WMIADAP.exe 992 C:\Program Files\Internet Explorer\iexplore.exe 1360 C:\Users\***\Desktop\MBRCheck.exe 3108 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00008000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000008`80493000 (NTFS) PhysicalDrive0 Model Number: HITACHIHTS542525K9SA00, Rev: BBFZC3HP Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! 
P.S.: Here once more is a short summary of what I did and in which order:
- killed the Security Tool processes with the rkill.com tool
- then ran a full scan with MBAM, including fixing / deleting the items found
- ran OTL normally and with the custom scan / fix
- ran MBR