![]() |
|
Plagegeister aller Art und deren Bekämpfung: Dateien nach Windows DiagnosticWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 | ||
| ![]() Dateien nach Windows Diagnostic Hallo, ich hatte vor einigen Tagen den Trojaner "Windows Diagnostic" auf meinem Pc. Konnte ihn mit der guten Anleitung hier aus dem Forum schnell entfernen. Allerdings werden jetzt sämtliche Dateien, die unter meinem Benutzer gespeichert waren, nicht mehr angezeigt. Ich habe bereits die anderen Threads zu diesem Thema gelesen, dachte nur ich erstell ein eigenes Thema damit man nicht durcheinanderkommt. Habe schon den Malwarebytes und OTL Scan durchgeführt. Hier sind die Logs: Der allerste Malwarebytes-Scan (Quickscan) : Zitat:
Malwarebytes-Vollscan: Zitat:
OTL-Scan OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.03.2011 15:29:17 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Volker\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 4,14 Gb Free Space | 2,87% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 104,19 Gb Free Space | 72,35% Space Free | Partition Type: NTFS Computer Name: VOLKER-PC | User Name: Volker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Volker\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Steam\Steam.exe (Valve Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) ========== Modules (SafeList) ========== MOD - C:\Users\Volker\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation) DRV - (MAUSBFTP) Service for M-Audio Fast Track Pro (WDM) -- C:\Windows\System32\drivers\mausb.sys (Avid Technology, Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O) DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys () DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.06 12:59:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.15 22:10:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.15 22:10:22 | 000,000,000 | ---D | M] [2008.11.14 20:43:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Extensions [2011.03.22 22:24:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions [2009.09.03 15:13:51 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.17 18:50:24 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.12.06 17:38:19 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2009.12.07 21:15:03 | 000,000,873 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\conduit.xml [2011.03.18 17:08:55 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-1.xml [2011.03.15 22:10:45 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-10.xml [2009.08.18 21:34:11 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-2.xml [2009.09.22 14:23:18 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-3.xml [2009.11.01 10:29:41 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-4.xml [2009.12.30 22:03:23 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-5.xml [2010.01.15 23:21:37 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-6.xml [2010.03.04 21:28:56 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-7.xml [2010.04.05 09:39:42 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-8.xml [2011.03.08 22:29:41 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-9.xml [2008.03.31 08:52:00 | 000,000,168 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin.gif [2008.03.31 08:52:00 | 000,000,618 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin.src [2009.07.24 00:03:06 | 000,000,944 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin.xml [2011.01.13 17:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.11.14 20:56:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.07.15 14:44:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.01.13 17:42:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.12.06 12:59:16 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [2009.07.15 14:44:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} [2011.01.13 17:42:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2010.09.18 10:12:22 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll [2011.01.26 15:33:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.01.26 15:33:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.01.26 15:33:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.01.26 15:33:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.01.26 15:33:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Volker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Volker\Pictures\rage-against-the-machine.jpg O24 - Desktop BackupWallPaper: C:\Users\Volker\Pictures\rage-against-the-machine.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\Shell - "" = AutoRun O33 - MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.24 15:27:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe [2011.03.22 18:52:33 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Malwarebytes [2011.03.22 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.22 18:52:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.22 18:51:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.03.22 18:51:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.22 18:51:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.21 21:49:11 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic [2011.03.09 17:43:52 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 17:43:52 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 17:43:51 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 17:43:51 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.02.27 17:30:50 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Softland [2011.02.27 17:30:48 | 000,022,856 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmn7.dll [2011.02.27 17:30:48 | 000,019,784 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmi7.dll [2011.02.27 17:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7 [2011.02.23 22:52:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.02.23 22:49:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.02.23 22:49:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.02.23 22:49:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.02.23 22:49:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.02.23 22:49:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.02.23 22:49:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.02.23 22:49:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.02.23 22:49:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.02.23 22:49:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.02.23 22:49:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.02.23 22:49:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.02.23 22:49:28 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.02.23 22:49:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.02.23 22:49:28 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.02.23 22:49:28 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.02.23 22:49:28 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll ========== Files - Modified Within 30 Days ========== [2011.03.24 15:27:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe [2011.03.24 15:22:38 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.24 15:22:38 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.24 15:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.24 15:22:29 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2011.03.23 21:44:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.23 20:11:10 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E7D34EEB-CE6E-4564-990F-66D07FE2E827}.job [2011.03.23 16:58:48 | 000,000,680 | ---- | M] () -- C:\Users\Volker\AppData\Local\d3d9caps.dat [2011.03.22 20:58:29 | 000,204,864 | ---- | M] () -- C:\Users\Volker\Desktop\DataRecovery_EN_2.4.6.zip [2011.03.22 18:52:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.22 18:38:46 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~42983176 [2011.03.22 18:38:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42983176r [2011.03.22 18:38:41 | 000,198,500 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.03.22 18:36:54 | 000,198,500 | -H-- | M] () -- C:\ProgramData\nvModes.dat [2011.03.22 16:34:04 | 000,000,384 | -H-- | M] () -- C:\ProgramData\42983176 [2011.03.21 21:49:19 | 000,000,587 | -H-- | M] () -- C:\Users\Volker\Desktop\Windows Diagnostic.lnk [2011.03.20 20:35:57 | 000,701,496 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.20 20:35:57 | 000,656,092 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.20 20:35:57 | 000,157,758 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.20 20:35:57 | 000,128,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.17 15:25:45 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.02.27 18:30:14 | 000,005,213 | -H-- | M] () -- C:\Users\Volker\Documents\Wedekind - Jungen und Mädchen.pdf ========== Files Created - No Company Name ========== [2011.03.23 16:58:48 | 000,000,680 | ---- | C] () -- C:\Users\Volker\AppData\Local\d3d9caps.dat [2011.03.22 20:58:23 | 000,204,864 | ---- | C] () -- C:\Users\Volker\Desktop\DataRecovery_EN_2.4.6.zip [2011.03.22 18:52:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.21 21:49:21 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~42983176r [2011.03.21 21:49:19 | 000,000,587 | -H-- | C] () -- C:\Users\Volker\Desktop\Windows Diagnostic.lnk [2011.03.21 21:49:19 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~42983176 [2011.03.21 21:49:02 | 000,000,384 | -H-- | C] () -- C:\ProgramData\42983176 [2011.02.27 18:30:12 | 000,005,213 | -H-- | C] () -- C:\Users\Volker\Documents\Wedekind - Jungen und Mädchen.pdf [2011.02.27 17:30:48 | 000,007,549 | ---- | C] () -- C:\Windows\System32\dopdf7.ctm [2011.02.23 22:49:29 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.23 22:49:29 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.02.23 22:49:29 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.11.22 13:56:41 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys [2010.11.22 13:56:41 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys [2010.11.07 20:19:14 | 000,115,598 | ---- | C] () -- C:\Windows\GXTranscoder v2 Uninstaller.exe [2010.03.07 17:28:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [2010.02.22 14:28:48 | 000,000,094 | -H-- | C] () -- C:\Users\Volker\AppData\Local\fusioncache.dat [2009.12.06 12:48:13 | 000,176,844 | ---- | C] () -- C:\Windows\hphins33.dat [2009.10.18 14:05:53 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.10.18 14:05:53 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.10.18 14:05:53 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.10.18 10:53:12 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.05.22 10:32:14 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat [2009.04.24 15:26:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2008.12.27 15:58:54 | 000,010,752 | -H-- | C] () -- C:\Users\Volker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.15 14:52:18 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.12.15 14:52:18 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.11.14 20:50:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.11.03 19:02:28 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.11.03 19:02:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.02 12:33:38 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.11.02 12:33:31 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.07.09 07:09:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.07.08 15:50:18 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.07.08 15:39:09 | 000,198,500 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2008.07.08 15:39:09 | 000,198,500 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2008.07.08 15:32:17 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2008.07.08 15:31:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2008.07.08 15:31:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.07.08 15:18:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe [2008.07.08 15:18:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe [2008.07.08 13:54:14 | 000,701,496 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.07.08 13:54:14 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.07.08 13:54:14 | 000,157,758 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.07.08 13:54:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.07.08 13:45:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat [2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.11.29 09:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe [2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,416,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,656,092 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,128,040 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2003.08.07 20:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report > und noch der OTL-"Extra"scan: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.03.2011 15:29:17 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Volker\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 4,14 Gb Free Space | 2,87% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 104,19 Gb Free Space | 72,35% Space Free | Partition Type: NTFS Computer Name: VOLKER-PC | User Name: Volker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0267F2ED-F55F-4222-A168-C3A66000B727}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{03B73A41-25B4-4AF8-81AC-9F482E8F570F}" = rport=2869 | protocol=6 | dir=out | app=system | "{17C9712C-B0FF-4DE2-8825-DACFF07A2A6D}" = lport=445 | protocol=6 | dir=in | app=system | "{182C21C7-1B21-4F5D-A637-A457FCECD69D}" = lport=2869 | protocol=6 | dir=in | app=system | "{1ACC8B81-4A32-4952-B23E-3B83139AA64F}" = lport=138 | protocol=17 | dir=in | app=system | "{1E12C77C-05FD-449A-B56F-0A7FC6FEA8D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{20000877-69F7-4346-B4CE-B9E1BB47C55E}" = rport=138 | protocol=17 | dir=out | app=system | "{2677158A-5F0E-4049-969B-0CF2018C79DB}" = rport=445 | protocol=6 | dir=out | app=system | "{29CB5780-5F94-4108-99E4-BE6F3D1CD409}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2A47494D-9827-4A09-AEE8-9168A3EC50A7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2DA7B5CC-6D87-4517-AFFE-E4B5004E2B5D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3FD0B431-FA3C-48C4-97FD-5484C4111559}" = rport=137 | protocol=17 | dir=out | app=system | "{46DF001A-8BE4-463B-AF6B-BF164F24AE1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{499568A5-6A44-43D1-AE00-2238D62EECC1}" = lport=10243 | protocol=6 | dir=in | app=system | "{4AE5F0AC-6218-4050-8764-AF2FD8AC3332}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5A5CACB9-A9DC-4CA0-8C73-6ADEB81F3B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6C935AC1-6182-4ACC-88AD-0FC28844D6B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7687E6B6-E017-46FA-96A3-1ECF2812665A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8159A1F7-6C3E-4A98-9D24-02FAB54323C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{948D0367-5367-484B-88BE-1D5E794F11FE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{AE900CAA-AE97-4901-99B5-B257444AAB8C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AF7AD8F8-67F3-4F7A-9860-BD3B5CAB48F8}" = rport=10243 | protocol=6 | dir=out | app=system | "{B209ACD2-D6B6-40F5-8360-B09E3F90A5CC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{B4B35BCD-4451-4BE2-8083-D775F40B5F0A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B879C000-54AF-4B31-8DD2-F5C5E78D58FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B90197B0-98B8-4132-BB41-BF493DD0CD59}" = lport=139 | protocol=6 | dir=in | app=system | "{C644570E-17B8-4601-A65F-E80EE9425ABE}" = lport=137 | protocol=17 | dir=in | app=system | "{C7AEDA38-0D3C-491D-8638-F59B96CCE3BC}" = lport=2869 | protocol=6 | dir=in | app=system | "{C99B974B-B26C-4D77-B2EA-94D15AFC333F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D1BD2BCD-3029-47C5-BC79-8A13820B7CBA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E0F18376-F1E7-4603-81C9-6688EDF26ACA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{E65B31E3-71BB-4136-A2A1-05418D2DAD4C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E912E8C0-725B-4AAE-89C4-D664C62E8944}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FA5FB8EC-E43D-4AB6-A6C7-152E25CD3DA6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FC0AEC55-BED7-4381-B956-96A224A80686}" = rport=139 | protocol=6 | dir=out | app=system | "{FD1DEDDA-7061-40D0-8D78-21E1414C4D24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005BB5EE-A7FD-455C-93CA-4A4B3FE91F63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{01A11BC5-936F-4A94-8562-DBBA1CB53A3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{043D666F-5981-476B-B9F8-0AFBC107ABAC}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{04EFE0C2-D3A6-42A3-B6B2-85C234E96591}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{050F0DE3-1182-4B4F-960C-AACF6650A0B3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{068FFCF1-B68C-4591-AF45-CC12FEC20A4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{10FC9E7C-1692-41A6-9885-B39C299CE912}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{12FFE344-EB6E-4D67-B2D7-303550DD7D20}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | "{17AF0867-48C6-427E-BDA7-9D31F1141A23}" = protocol=6 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | "{1F04F4AA-56FC-4955-AA79-35BF422EFD05}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{23B245F5-6C15-49FB-B05E-AC7CEA833046}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{244006FE-AE75-4410-B3B0-2058DE2F1972}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe | "{25EBFEDD-2F22-4A4E-BCC7-99DC9A30C4D7}" = protocol=6 | dir=in | app=d:\spiele\game.dat | "{27B03D3D-22B0-4BE7-9644-639913DD3CA7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xvofferx\sourcesdk\bin\sdklauncher.exe | "{28B2793F-F1CE-49BB-A61A-784F75FA96F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{291D306C-48AA-4223-B4A4-5D53D8E45FDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{29CF5B6F-4CE6-4E72-8B3C-3A579FBF3B89}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{2EF13111-67CF-41C9-AE5E-88E758CDBBCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{317BA270-0DC9-4A1F-9492-ED0B2B1CCAAE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | "{31A4C225-DBF4-4735-9957-1CCB6C6AD544}" = protocol=17 | dir=in | app=d:\spiele\turbine download manager\turbinemessageservice.exe | "{31D2E30E-4393-41CB-A2BF-36FB0B76DB6E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{34BF32A3-00D9-4617-AD3F-335224F61389}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xvofferx\sourcesdk\bin\sdklauncher.exe | "{35A3779F-1D36-4A27-B8DA-0771AF95C0DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{44B78938-6BD2-47D0-9A76-3787164BBD15}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{4682EE64-28A1-4948-B789-C0B2A1776ABC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{4968FD53-7DEA-4B47-B5E8-1C3AB04DC28E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{4ACBE741-F8EA-4BF0-B4BA-907029212B80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4D6C392C-A335-4C72-AD76-CF3A02C1CBAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4ECD6139-75EB-4DCC-BAC8-190D176B13D4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{4F2170C1-ADB8-43FE-B583-39D8643ACF86}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | "{55BD5398-7EE3-4802-AA3C-FF9B47F1C8CD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | "{5AE82062-F363-4968-8EB2-1773E90F2D10}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{5D17D80C-BDA6-4060-A9DA-E7300D088DFC}" = protocol=17 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | "{67776A70-289C-46F8-8937-28F39FF9F11C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{6779FCAE-5815-46CF-89C3-D6A107FAA6AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{68B5EFF0-B2E5-42AD-99CD-AACDB7AD1584}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C708175-E552-40D1-A8A6-13CFD9899760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6FEC7324-116C-4FED-A19F-10AAAE7A42A1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{747C7C60-3385-444B-A61F-B2DC0A64CA15}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{74B11514-A4A6-4787-8C73-87D3EEB83B23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7A430E69-AF3F-47B1-B508-D9E1B7BD397D}" = protocol=17 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | "{7AD050A3-0258-43D0-9B6B-087FAD75663B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{82F3AFDC-98E5-4134-91FD-293ABAD13028}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{834F2472-3D8F-4628-9A41-100A7B403E76}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{8BF64F90-1B25-4311-98ED-FEF0757282BE}" = protocol=6 | dir=in | app=d:\spiele\turbine download manager\turbinemessageservice.exe | "{8D42CA55-1180-472D-B9CF-C83FD2C87A4D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{8D72A2AF-6F15-48E7-B545-D2DDD2DF6E8B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{8DD04263-45E2-41A8-9623-C9321C556E59}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8FB359F1-7E7A-4731-B47C-EB6DA8019717}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9080FC1B-F9F6-43C4-B892-AA36809B2D59}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{90BFE075-12F3-4A0E-9252-87F4A954D382}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{911B9C3B-5B33-4EE8-9080-E681880109EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9149E7E3-77B6-41F6-9B77-657511ECA177}" = protocol=6 | dir=in | app=c:\sierra\empire earth\launcher.exe | "{956E1B4E-AA14-4F4B-8F8B-49EE3545D954}" = protocol=17 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | "{98A218E2-2EFA-4708-A83B-CD8DEC773758}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A30BB79A-404A-419E-B690-68F07F905ED7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{A44581E9-D8AF-4E35-8A6D-E407FF9B37C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{A659754E-C3BD-47C3-B055-96D6C202A59C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | "{A84369CD-0104-4B15-8913-CA12E78DB191}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe | "{AC0EB358-85BB-4B8A-8309-506EB7D14E86}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{AEC25E14-65BA-46F9-85AE-AA289C794FDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{B7FAD1A2-8404-4D59-8DF3-1229EDBD343D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{B95ECCFA-2AA3-4DC1-97A7-2293C5133B2F}" = protocol=6 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | "{BCAEFB36-3651-49CF-84C7-69E6D6F17BC4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{BE642298-A92E-4BCF-B4A9-A6AE42F47F40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C0EFC0EF-34F2-4CB4-B3E0-02C29AD98489}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{C1CFFAB8-557C-4764-B700-36DD09E8967C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{C391A9E0-CD46-4995-A139-E3AFE4729C3C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{C66F4A61-B793-4E5F-B23E-4C19537BD4E0}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{C81F6994-D1FC-4B20-B7EC-10620BA1DE98}" = protocol=17 | dir=in | app=d:\spiele\game.dat | "{C8D5BCCE-8812-4C57-9301-042EA6D48875}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{CBC9BD84-0C84-4A04-8644-C2AAF6246113}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{CCE47FE5-D80C-43A2-82BE-C99E4CBA864F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{D4630B38-C219-4317-9F26-D4B87669A3B1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{D5A3EA54-194F-456F-A10E-90088E860DF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D8C3F067-B27D-45E2-A984-533AD8CC39DB}" = protocol=6 | dir=out | app=system | "{DB73A8FD-6C43-43A8-B58D-5CFF82840D62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DCCE7AF5-CF65-44F9-A732-55A24ADAD347}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{E269C668-B0B9-4675-A228-5F2858C61695}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{E7198A34-60FE-46AA-B7DF-1683767B32B9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{E75CBF35-506F-418D-825D-14AC26E40972}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{E80F188E-DA5E-4C72-AFF3-7EA21EDE168A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | "{EB957EEF-94A4-4020-BB7B-ACC9DE1BB266}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F0D09E8D-961E-47DD-B12C-45F99C1B0091}" = protocol=6 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | "{F15E31F3-8B0E-4127-BF12-3897E6358C30}" = protocol=17 | dir=in | app=c:\sierra\empire earth\launcher.exe | "{F1ED2C0F-5CE5-4FB3-B056-6D1F3F408B86}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | "{FAFE2374-C706-47F8-8B66-7AFC7356CA01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD1BB9F0-1DB4-4496-B70D-774E8E7C284F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | "{FFE802C9-B147-4651-9BE1-5B48A6CDC045}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "TCP Query User{03FA3D87-2896-4213-A6FA-7E0978BA6C20}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | "TCP Query User{09DE31C5-F330-4E54-B94A-78F9E7FCFE10}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{19508545-4C62-4BBB-BF56-9B8127B88520}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe | "TCP Query User{1D495106-B35F-4437-BB2A-FB890B08E87C}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | "TCP Query User{264635D8-EF67-4459-A0FD-459ADE1204E8}C:\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\world of padman\wop.exe | "TCP Query User{349A854A-8E3E-4507-AB18-010222F67C6C}C:\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\world of padman\wop.exe | "TCP Query User{3F5C3B5A-DD1C-43B2-8971-9026CB1E9013}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | "TCP Query User{4C153B2B-D0B3-42D7-91EC-A9E43E99A2BF}D:\spiele\xiii\system\xiii.exe" = protocol=6 | dir=in | app=d:\spiele\xiii\system\xiii.exe | "TCP Query User{54295BCF-7525-454A-9466-915C7DCD7940}D:\spiele\project nomads\run\bin\win32\nomads.exe" = protocol=6 | dir=in | app=d:\spiele\project nomads\run\bin\win32\nomads.exe | "TCP Query User{637517CC-DCCC-48F8-8519-0EDEDB65E761}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{666F6F05-E297-41AF-B5DF-02560AED7E68}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | "TCP Query User{6D49F42B-CB54-4B9A-90D3-42B524509CED}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe | "TCP Query User{78F8790C-822A-4637-9439-8C1296162BCB}D:\spiele\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | "TCP Query User{808EDB7D-1877-4D69-9C31-AAD62B3F7C93}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | "TCP Query User{90D3767B-0E18-426C-99D3-D573B0FAFA00}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query User{97469048-8702-4913-A33A-5D67C1CCE71E}C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | "TCP Query User{9AEFAA7C-1D03-4CC3-A2A1-B5331CFA3DC2}D:\spiele\warsow 0.5\warsow_x86.exe" = protocol=6 | dir=in | app=d:\spiele\warsow 0.5\warsow_x86.exe | "TCP Query User{A64209FE-E9BF-4CE9-A423-D33860113E4B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{B2E01D1E-6B9B-4E2C-83B5-69305DAB7F53}C:\program files\padworld entertainment\world of padman 1.5\wop.exe" = protocol=6 | dir=in | app=c:\program files\padworld entertainment\world of padman 1.5\wop.exe | "TCP Query User{B4E92274-5A67-4EC4-A373-D3B72071D90E}D:\spiele\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | "TCP Query User{B95623C8-F7FC-41D7-A912-BBEDC71FE53C}D:\spiele\metin2\metin2.bin" = protocol=6 | dir=in | app=d:\spiele\metin2\metin2.bin | "TCP Query User{BB94A176-F48C-4581-810F-08D889F9CC71}C:\users\volker\desktop\mod. vers\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\volker\desktop\mod. vers\stronghold crusader.exe | "TCP Query User{BE6F3F95-D781-4C5A-8AC4-6495273E6061}D:\spiele\xiii\system\xiii.exe" = protocol=6 | dir=in | app=d:\spiele\xiii\system\xiii.exe | "TCP Query User{BFA6AA61-1FED-4604-9125-C60893DDB430}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{C516006E-9850-4925-A64B-F8E4607D8F5A}D:\spiele\metin2\metin2client.bin" = protocol=6 | dir=in | app=d:\spiele\metin2\metin2client.bin | "TCP Query User{C9A14C0A-AA60-4469-A63A-CDD7E3C9ABA4}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | "TCP Query User{D1334010-FE21-45A0-9917-0D830A2E0CF6}D:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{DF32B924-ACCF-430B-A6AB-7EE5844D0243}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | "TCP Query User{E28E1D8C-FA53-4BCD-A9D2-8C09424DA7CC}D:\spiele\ddo\dndclient.exe" = protocol=6 | dir=in | app=d:\spiele\ddo\dndclient.exe | "TCP Query User{E3E8BC19-4742-4E85-8648-B4B09A5C0815}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{F30DD47F-B20E-4BE1-8953-10E8C5A94632}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe | "TCP Query User{F6B734C7-C911-4664-8FF9-F99A88351074}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{F9376274-578B-44A4-84F2-3DB9932463C4}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "TCP Query User{FC43D0FD-3C82-423D-9669-74764A608D48}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "TCP Query User{FCDFB046-E3DF-44C4-880F-5B254B5367F4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{08F45A15-EC68-4488-AF67-EEE74534A78E}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe | "UDP Query User{21A628B6-A5B6-48FF-84EB-2C31F61854B7}D:\spiele\ddo\dndclient.exe" = protocol=17 | dir=in | app=d:\spiele\ddo\dndclient.exe | "UDP Query User{2280E565-E24A-49D5-A8F5-E3A4E548B8EC}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "UDP Query User{2FFDF01D-3F44-455E-B883-8A39478CC746}D:\spiele\xiii\system\xiii.exe" = protocol=17 | dir=in | app=d:\spiele\xiii\system\xiii.exe | "UDP Query User{3397CE13-71FC-4EB3-8B2E-2E8F31D404A1}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | "UDP Query User{3ADA5E22-FD4F-4434-BA6A-1C597C630847}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe | "UDP Query User{3BA22DEF-91B5-43FE-8187-0312FDD4ED71}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "UDP Query User{4C8F074F-749F-4CE9-9C7E-6197795E2E81}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | "UDP Query User{52523B16-6B07-4A56-A14D-E91FDDCF9C82}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | "UDP Query User{579D8D4F-5042-4DE1-88A2-D6E52069A73E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{6147CEAF-2773-41C2-ADC7-6549475DAC9A}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | "UDP Query User{669372A8-FA33-4828-B588-D8A1AF2DBE53}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe | "UDP Query User{6753A0F3-9079-4CE7-A497-CF984C8C4862}C:\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\world of padman\wop.exe | "UDP Query User{67F6DB2C-A68B-4EB2-A3CD-8B2E8D5E822A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{6EDEB0A3-6309-4E34-97DB-FE340B8A11DF}D:\spiele\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | "UDP Query User{71FC3027-2AA8-4A50-85C2-8B7DF0BDCD6B}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | "UDP Query User{75F6A091-2B01-4FAC-B58E-AF604DB87B39}D:\spiele\metin2\metin2.bin" = protocol=17 | dir=in | app=d:\spiele\metin2\metin2.bin | "UDP Query User{7755CF80-EB0F-407B-9B84-A73E9A6EC5A8}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{8C47A3A0-8F6E-48A3-A0A8-ACF0F0134E4C}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | "UDP Query User{94826A63-1CF3-4794-80B8-E8C470B09154}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{961720B7-FC0C-4439-BF4D-76E0E6399378}D:\spiele\xiii\system\xiii.exe" = protocol=17 | dir=in | app=d:\spiele\xiii\system\xiii.exe | "UDP Query User{9D4C57F6-D525-4935-B2F4-4A72F562514A}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | "UDP Query User{AF037537-EDD2-490D-978B-D1EF5EEB904B}C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | "UDP Query User{B91A6E74-6EAD-4A28-8DD8-F9070E72BF74}D:\spiele\project nomads\run\bin\win32\nomads.exe" = protocol=17 | dir=in | app=d:\spiele\project nomads\run\bin\win32\nomads.exe | "UDP Query User{BE3AC010-4F4B-4290-92DA-94373991AEE4}D:\spiele\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | "UDP Query User{C8CB0EF0-BC7B-4722-B465-4C67D597185F}D:\spiele\warsow 0.5\warsow_x86.exe" = protocol=17 | dir=in | app=d:\spiele\warsow 0.5\warsow_x86.exe | "UDP Query User{CDE0BCB6-1454-4051-B7E4-B3994BA91CF9}C:\users\volker\desktop\mod. vers\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\volker\desktop\mod. vers\stronghold crusader.exe | "UDP Query User{D24C3B81-175E-4D2D-B633-053830F0CB4B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{D4FFC692-69EB-42A6-96C7-AABDF6800AC4}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{D55CF884-A369-4EFE-B977-09E812A261A8}D:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{DDBDEF57-2F4E-4BC3-9693-0A13EC922834}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | "UDP Query User{E7EF1EA9-0C9B-4D8D-AED1-C5C19B64B5AE}C:\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\world of padman\wop.exe | "UDP Query User{F1036172-B550-40F3-A18C-458F2D1CBEF3}D:\spiele\metin2\metin2client.bin" = protocol=17 | dir=in | app=d:\spiele\metin2\metin2client.bin | "UDP Query User{F58B75A8-ECB7-4E40-9EE3-07701A8BB298}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{FEE68FB5-CEA2-4145-89D1-96ECF029EF6A}C:\program files\padworld entertainment\world of padman 1.5\wop.exe" = protocol=17 | dir=in | app=c:\program files\padworld entertainment\world of padman 1.5\wop.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5 "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}" = Fast Track Pro "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13 "{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2 "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min "{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™ "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9FE15B75-8AD9-4A6F-A57A-7E7C03C4CBEB}" = StarOffice 8 "{A6C2D216-9DAE-43F9-8EFF-F0445E973F52}_is1" = GW-Value "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B1CBE507-887F-4CAE-A84C-9E0F6C81B870}" = StarOffice 8 Product Update 12 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600 "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "7-Zip" = 7-Zip 4.57 "AC3Filter" = AC3Filter (remove only) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BestPractice" = BestPractice (remove only) "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "doPDF 7 printer_is1" = doPDF 7.2 printer "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "DynaGeo_is1" = DynaGeo 3.0f "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31 "GameSpy Arcade" = GameSpy Arcade "Gothic II" = Gothic II "Guild Wars" = GUILD WARS "GuildWars Visions_is1" = GuildWars Visions v1.08 "Guitar Pro 5_is1" = Guitar Pro 5.2 "GXTranscoder v2" = GXTranscoder v2 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "ICQToolbar" = ICQ Toolbar "iDump" = iDump (Backing up your iPod) "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Metin2_is1" = Metin2 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "Mumble" = Mumble and Murmur "MuPAD Pro 4.0_is1" = MuPAD Pro 4.0.6 "Niki" = Niki "NVIDIA Drivers" = NVIDIA Drivers "PROHYBRIDR" = 2007 Microsoft Office system "ProInst" = Intel PROSet Wireless "Project Nomads" = Project Nomads "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Shop for HP Supplies" = Shop for HP Supplies "StarCraft II" = StarCraft II "Steam App 11020" = TrackMania Nations Forever "Steam App 211" = Source SDK "Steam App 220" = Half-Life 2 "Steam App 310" = Team Fortress 2 Dedicated Server "Steam App 35420" = Killing Floor Mod: Defence Alliance 2 "Steam App 380" = Half-Life 2: Episode One "Steam App 400" = Portal "Steam App 420" = Half-Life 2: Episode Two "Steam App 440" = Team Fortress 2 "Steam App 630" = Alien Swarm "SyncroSoft Emu" = SyncroSoft Emu (Remove only) "Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "Urban Terror_is1" = Urban Terror 4.1 "VCam 3.1_is1" = VCam 3.1.1 "World of Padman" = World of Padman "World of Padman 1.5" = World of Padman 1.5 "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.12.2010 01:50:26 | Computer Name = Volker-PC | Source = WinMgmt | ID = 10 Description = Error - 18.12.2010 07:33:04 | Computer Name = Volker-PC | Source = WinMgmt | ID = 10 Description = Error - 18.12.2010 07:33:15 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.12.2010 07:33:15 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.12.2010 07:34:09 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.12.2010 07:34:14 | Computer Name = Volker-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung cledx.exe, Version 0.3.1412.777, Zeitstempel 0x427ec9c6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x004605d2, Prozess-ID 0x524, Anwendungsstartzeit 01cb9ea76b72d760. Error - 18.12.2010 07:38:14 | Computer Name = Volker-PC | Source = WinMgmt | ID = 10 Description = Error - 18.12.2010 07:38:16 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.12.2010 07:38:16 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.12.2010 07:38:17 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 23.03.2011 11:56:04 | Computer Name = Volker-PC | Source = HTTP | ID = 15016 Description = Error - 23.03.2011 11:56:39 | Computer Name = Volker-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 23.03.2011 11:56:39 | Computer Name = Volker-PC | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.101 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 23.03.2011 11:57:50 | Computer Name = Volker-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.03.2011 15:07:47 | Computer Name = Volker-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 24.03.2011 10:22:37 | Computer Name = Volker-PC | Source = HTTP | ID = 15016 Description = Error - 24.03.2011 10:22:55 | Computer Name = Volker-PC | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 24.03.2011 10:22:55 | Computer Name = Volker-PC | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.101 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 24.03.2011 10:24:16 | Computer Name = Volker-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.03.2011 10:26:37 | Computer Name = Volker-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > Ich hoffe mir kann jemand helfen, mfg. |
Themen zu Dateien nach Windows Diagnostic |
32 bit, 7-zip, adware.gamespyarcade, antivir, audacity, avgntflt.sys, avira, bho, bonjour, conduit, converter, downloader, error, excel.exe, firefox, flash player, home, iexplore.exe, install.exe, ip-adresse, location, logfile, metin2, microsoft office 2003, microsoft office word, mozilla, mp3, nvlddmkm.sys, office 2007, oldtimer, otl scan, otl.exe, pando media booster, plug-in, programdata, realtek, registry, rootkit.tdss.gen, saver, scan, sched.exe, searchplugins, security, security update, server, shell32.dll, skype.exe, software, start menu, svchost.exe, teamspeak, trojan.dropper.pgen, trojaner, vista, windows, ändern |