
Pests of all kinds and how to combat them: Files after Windows Diagnostic


 
24.03.2011, 15:52   #1
0815User
 
Files after Windows Diagnostic



Hello,

A few days ago I had the "Windows Diagnostic" trojan on my PC. I was able to remove it quickly with the good guide here in the forum. However, all the files that were stored under my user account are now no longer displayed. I have already read the other threads on this topic; I just thought I would create my own thread so that things don't get mixed up. I have already run the Malwarebytes and OTL scans.

Here are the logs:

The very first Malwarebytes scan (quick scan):

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6133

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.03.2011 19:06:41
mbam-log-2011-03-22 (19-06-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160645
Laufzeit: 13 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Schmidt-Pro (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSFdrVXAOXpQ (Trojan.FakeAlert) -> Value: SSFdrVXAOXpQ -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\ssfdrvxaoxpq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\42983176.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\Temp\a55c.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\Temp\comver.dll (Adware.GameSpyArcade) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\Temp\H8SRT631.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\Temp\df8e.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\programdata\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.

Malwarebytes full scan:

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6133

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23.03.2011 16:54:20
mbam-log-2011-03-23 (16-54-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 376180
Laufzeit: 2 Stunde(n), 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\Visions\updater.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\program files\Visions\Visions.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Users\Volker\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\MM1UCOSB\calc[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

OTL scan

OTL Logfile:
Code:
OTL logfile created on: 24.03.2011 15:29:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Volker\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 4,14 Gb Free Space | 2,87% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 104,19 Gb Free Space | 72,35% Space Free | Partition Type: NTFS
 
Computer Name: VOLKER-PC | User Name: Volker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Volker\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Volker\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (MAUSBFTP) Service for M-Audio Fast Track Pro (WDM) -- C:\Windows\System32\drivers\mausb.sys (Avid Technology, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.06 12:59:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.15 22:10:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.15 22:10:22 | 000,000,000 | ---D | M]
 
[2008.11.14 20:43:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Extensions
[2011.03.22 22:24:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions
[2009.09.03 15:13:51 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.17 18:50:24 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.12.06 17:38:19 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\Volker\AppData\Roaming\mozilla\Firefox\Profiles\84p4wq7f.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.12.07 21:15:03 | 000,000,873 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\conduit.xml
[2011.03.18 17:08:55 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-1.xml
[2011.03.15 22:10:45 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-10.xml
[2009.08.18 21:34:11 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-2.xml
[2009.09.22 14:23:18 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-3.xml
[2009.11.01 10:29:41 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-4.xml
[2009.12.30 22:03:23 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-5.xml
[2010.01.15 23:21:37 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-6.xml
[2010.03.04 21:28:56 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-7.xml
[2010.04.05 09:39:42 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-8.xml
[2011.03.08 22:29:41 | 000,000,950 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin-9.xml
[2008.03.31 08:52:00 | 000,000,168 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin.gif
[2008.03.31 08:52:00 | 000,000,618 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin.src
[2009.07.24 00:03:06 | 000,000,944 | -H-- | M] () -- C:\Users\Volker\AppData\Roaming\Mozilla\Firefox\Profiles\84p4wq7f.default\searchplugins\icqplugin.xml
[2011.01.13 17:42:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.11.14 20:56:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.15 14:44:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.13 17:42:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.12.06 12:59:16 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009.07.15 14:44:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2011.01.13 17:42:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.09.18 10:12:22 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2011.01.26 15:33:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.01.26 15:33:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.01.26 15:33:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.01.26 15:33:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.01.26 15:33:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Volker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Volker\Pictures\rage-against-the-machine.jpg
O24 - Desktop BackupWallPaper: C:\Users\Volker\Pictures\rage-against-the-machine.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\Shell - "" = AutoRun
O33 - MountPoints2\{d48be40b-ad63-11dd-9b40-001377a9fd0e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.24 15:27:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
[2011.03.22 18:52:33 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Malwarebytes
[2011.03.22 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.22 18:52:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.22 18:51:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.03.22 18:51:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.22 18:51:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.21 21:49:11 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
[2011.03.09 17:43:52 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 17:43:52 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 17:43:51 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 17:43:51 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.27 17:30:50 | 000,000,000 | -H-D | C] -- C:\Users\Volker\AppData\Roaming\Softland
[2011.02.27 17:30:48 | 000,022,856 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmn7.dll
[2011.02.27 17:30:48 | 000,019,784 | ---- | C] (Softland) -- C:\Windows\System32\dopdfmi7.dll
[2011.02.27 17:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
[2011.02.23 22:52:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.23 22:49:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.23 22:49:37 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.23 22:49:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.23 22:49:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.23 22:49:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.23 22:49:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.23 22:49:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.23 22:49:35 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.23 22:49:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.23 22:49:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.23 22:49:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.23 22:49:28 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.23 22:49:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.23 22:49:28 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.23 22:49:28 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.23 22:49:28 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.24 15:27:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Volker\Desktop\OTL.exe
[2011.03.24 15:22:38 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 15:22:38 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 15:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.24 15:22:29 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.23 21:44:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.23 20:11:10 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E7D34EEB-CE6E-4564-990F-66D07FE2E827}.job
[2011.03.23 16:58:48 | 000,000,680 | ---- | M] () -- C:\Users\Volker\AppData\Local\d3d9caps.dat
[2011.03.22 20:58:29 | 000,204,864 | ---- | M] () -- C:\Users\Volker\Desktop\DataRecovery_EN_2.4.6.zip
[2011.03.22 18:52:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 18:38:46 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~42983176
[2011.03.22 18:38:45 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42983176r
[2011.03.22 18:38:41 | 000,198,500 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.03.22 18:36:54 | 000,198,500 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.03.22 16:34:04 | 000,000,384 | -H-- | M] () -- C:\ProgramData\42983176
[2011.03.21 21:49:19 | 000,000,587 | -H-- | M] () -- C:\Users\Volker\Desktop\Windows Diagnostic.lnk
[2011.03.20 20:35:57 | 000,701,496 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.20 20:35:57 | 000,656,092 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.20 20:35:57 | 000,157,758 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.20 20:35:57 | 000,128,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.17 15:25:45 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.02.27 18:30:14 | 000,005,213 | -H-- | M] () -- C:\Users\Volker\Documents\Wedekind - Jungen und Mädchen.pdf
 
========== Files Created - No Company Name ==========
 
[2011.03.23 16:58:48 | 000,000,680 | ---- | C] () -- C:\Users\Volker\AppData\Local\d3d9caps.dat
[2011.03.22 20:58:23 | 000,204,864 | ---- | C] () -- C:\Users\Volker\Desktop\DataRecovery_EN_2.4.6.zip
[2011.03.22 18:52:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.21 21:49:21 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~42983176r
[2011.03.21 21:49:19 | 000,000,587 | -H-- | C] () -- C:\Users\Volker\Desktop\Windows Diagnostic.lnk
[2011.03.21 21:49:19 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~42983176
[2011.03.21 21:49:02 | 000,000,384 | -H-- | C] () -- C:\ProgramData\42983176
[2011.02.27 18:30:12 | 000,005,213 | -H-- | C] () -- C:\Users\Volker\Documents\Wedekind - Jungen und Mädchen.pdf
[2011.02.27 17:30:48 | 000,007,549 | ---- | C] () -- C:\Windows\System32\dopdf7.ctm
[2011.02.23 22:49:29 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.23 22:49:29 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.23 22:49:29 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.11.22 13:56:41 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2010.11.22 13:56:41 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2010.11.07 20:19:14 | 000,115,598 | ---- | C] () -- C:\Windows\GXTranscoder v2 Uninstaller.exe
[2010.03.07 17:28:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.02.22 14:28:48 | 000,000,094 | -H-- | C] () -- C:\Users\Volker\AppData\Local\fusioncache.dat
[2009.12.06 12:48:13 | 000,176,844 | ---- | C] () -- C:\Windows\hphins33.dat
[2009.10.18 14:05:53 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.10.18 14:05:53 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.10.18 14:05:53 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.10.18 10:53:12 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.05.22 10:32:14 | 000,000,586 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2009.04.24 15:26:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.12.27 15:58:54 | 000,010,752 | -H-- | C] () -- C:\Users\Volker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 14:52:18 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.12.15 14:52:18 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.11.14 20:50:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.03 19:02:28 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.03 19:02:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.02 12:33:38 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.11.02 12:33:31 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.09 07:09:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.08 15:50:18 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.07.08 15:39:09 | 000,198,500 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.08 15:39:09 | 000,198,500 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.07.08 15:32:17 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.07.08 15:31:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.07.08 15:31:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.07.08 15:18:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.07.08 15:18:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.07.08 13:54:14 | 000,701,496 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.08 13:54:14 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.08 13:54:14 | 000,157,758 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.08 13:54:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.08 13:45:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.09 17:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.26 08:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 09:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,416,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,656,092 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,128,040 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2003.08.07 20:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
< End of report >
         
--- --- ---




and also the OTL "Extra" scan:

OTL Logfile:
Code:
OTL Extras logfile created on: 24.03.2011 15:29:17 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Volker\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 4,14 Gb Free Space | 2,87% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 104,19 Gb Free Space | 72,35% Space Free | Partition Type: NTFS
 
Computer Name: VOLKER-PC | User Name: Volker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0267F2ED-F55F-4222-A168-C3A66000B727}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{03B73A41-25B4-4AF8-81AC-9F482E8F570F}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{17C9712C-B0FF-4DE2-8825-DACFF07A2A6D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{182C21C7-1B21-4F5D-A637-A457FCECD69D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1ACC8B81-4A32-4952-B23E-3B83139AA64F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1E12C77C-05FD-449A-B56F-0A7FC6FEA8D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20000877-69F7-4346-B4CE-B9E1BB47C55E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2677158A-5F0E-4049-969B-0CF2018C79DB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{29CB5780-5F94-4108-99E4-BE6F3D1CD409}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A47494D-9827-4A09-AEE8-9168A3EC50A7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2DA7B5CC-6D87-4517-AFFE-E4B5004E2B5D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3FD0B431-FA3C-48C4-97FD-5484C4111559}" = rport=137 | protocol=17 | dir=out | app=system | 
"{46DF001A-8BE4-463B-AF6B-BF164F24AE1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{499568A5-6A44-43D1-AE00-2238D62EECC1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4AE5F0AC-6218-4050-8764-AF2FD8AC3332}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A5CACB9-A9DC-4CA0-8C73-6ADEB81F3B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6C935AC1-6182-4ACC-88AD-0FC28844D6B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7687E6B6-E017-46FA-96A3-1ECF2812665A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8159A1F7-6C3E-4A98-9D24-02FAB54323C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{948D0367-5367-484B-88BE-1D5E794F11FE}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AE900CAA-AE97-4901-99B5-B257444AAB8C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF7AD8F8-67F3-4F7A-9860-BD3B5CAB48F8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B209ACD2-D6B6-40F5-8360-B09E3F90A5CC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B4B35BCD-4451-4BE2-8083-D775F40B5F0A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B879C000-54AF-4B31-8DD2-F5C5E78D58FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B90197B0-98B8-4132-BB41-BF493DD0CD59}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C644570E-17B8-4601-A65F-E80EE9425ABE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C7AEDA38-0D3C-491D-8638-F59B96CCE3BC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C99B974B-B26C-4D77-B2EA-94D15AFC333F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D1BD2BCD-3029-47C5-BC79-8A13820B7CBA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E0F18376-F1E7-4603-81C9-6688EDF26ACA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E65B31E3-71BB-4136-A2A1-05418D2DAD4C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E912E8C0-725B-4AAE-89C4-D664C62E8944}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FA5FB8EC-E43D-4AB6-A6C7-152E25CD3DA6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FC0AEC55-BED7-4381-B956-96A224A80686}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FD1DEDDA-7061-40D0-8D78-21E1414C4D24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005BB5EE-A7FD-455C-93CA-4A4B3FE91F63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{01A11BC5-936F-4A94-8562-DBBA1CB53A3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{043D666F-5981-476B-B9F8-0AFBC107ABAC}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{04EFE0C2-D3A6-42A3-B6B2-85C234E96591}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{050F0DE3-1182-4B4F-960C-AACF6650A0B3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{068FFCF1-B68C-4591-AF45-CC12FEC20A4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{10FC9E7C-1692-41A6-9885-B39C299CE912}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{12FFE344-EB6E-4D67-B2D7-303550DD7D20}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{17AF0867-48C6-427E-BDA7-9D31F1141A23}" = protocol=6 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | 
"{1F04F4AA-56FC-4955-AA79-35BF422EFD05}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{23B245F5-6C15-49FB-B05E-AC7CEA833046}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{244006FE-AE75-4410-B3B0-2058DE2F1972}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe | 
"{25EBFEDD-2F22-4A4E-BCC7-99DC9A30C4D7}" = protocol=6 | dir=in | app=d:\spiele\game.dat | 
"{27B03D3D-22B0-4BE7-9644-639913DD3CA7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xvofferx\sourcesdk\bin\sdklauncher.exe | 
"{28B2793F-F1CE-49BB-A61A-784F75FA96F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{291D306C-48AA-4223-B4A4-5D53D8E45FDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{29CF5B6F-4CE6-4E72-8B3C-3A579FBF3B89}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{2EF13111-67CF-41C9-AE5E-88E758CDBBCC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{317BA270-0DC9-4A1F-9492-ED0B2B1CCAAE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{31A4C225-DBF4-4735-9957-1CCB6C6AD544}" = protocol=17 | dir=in | app=d:\spiele\turbine download manager\turbinemessageservice.exe | 
"{31D2E30E-4393-41CB-A2BF-36FB0B76DB6E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{34BF32A3-00D9-4617-AD3F-335224F61389}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xvofferx\sourcesdk\bin\sdklauncher.exe | 
"{35A3779F-1D36-4A27-B8DA-0771AF95C0DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{44B78938-6BD2-47D0-9A76-3787164BBD15}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4682EE64-28A1-4948-B789-C0B2A1776ABC}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{4968FD53-7DEA-4B47-B5E8-1C3AB04DC28E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{4ACBE741-F8EA-4BF0-B4BA-907029212B80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4D6C392C-A335-4C72-AD76-CF3A02C1CBAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4ECD6139-75EB-4DCC-BAC8-190D176B13D4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4F2170C1-ADB8-43FE-B583-39D8643ACF86}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{55BD5398-7EE3-4802-AA3C-FF9B47F1C8CD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{5AE82062-F363-4968-8EB2-1773E90F2D10}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{5D17D80C-BDA6-4060-A9DA-E7300D088DFC}" = protocol=17 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | 
"{67776A70-289C-46F8-8937-28F39FF9F11C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6779FCAE-5815-46CF-89C3-D6A107FAA6AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{68B5EFF0-B2E5-42AD-99CD-AACDB7AD1584}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C708175-E552-40D1-A8A6-13CFD9899760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6FEC7324-116C-4FED-A19F-10AAAE7A42A1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{747C7C60-3385-444B-A61F-B2DC0A64CA15}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{74B11514-A4A6-4787-8C73-87D3EEB83B23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A430E69-AF3F-47B1-B508-D9E1B7BD397D}" = protocol=17 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7AD050A3-0258-43D0-9B6B-087FAD75663B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{82F3AFDC-98E5-4134-91FD-293ABAD13028}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{834F2472-3D8F-4628-9A41-100A7B403E76}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{8BF64F90-1B25-4311-98ED-FEF0757282BE}" = protocol=6 | dir=in | app=d:\spiele\turbine download manager\turbinemessageservice.exe | 
"{8D42CA55-1180-472D-B9CF-C83FD2C87A4D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8D72A2AF-6F15-48E7-B545-D2DDD2DF6E8B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{8DD04263-45E2-41A8-9623-C9321C556E59}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8FB359F1-7E7A-4731-B47C-EB6DA8019717}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9080FC1B-F9F6-43C4-B892-AA36809B2D59}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{90BFE075-12F3-4A0E-9252-87F4A954D382}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{911B9C3B-5B33-4EE8-9080-E681880109EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9149E7E3-77B6-41F6-9B77-657511ECA177}" = protocol=6 | dir=in | app=c:\sierra\empire earth\launcher.exe | 
"{956E1B4E-AA14-4F4B-8F8B-49EE3545D954}" = protocol=17 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | 
"{98A218E2-2EFA-4708-A83B-CD8DEC773758}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A30BB79A-404A-419E-B690-68F07F905ED7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{A44581E9-D8AF-4E35-8A6D-E407FF9B37C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{A659754E-C3BD-47C3-B055-96D6C202A59C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | 
"{A84369CD-0104-4B15-8913-CA12E78DB191}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe | 
"{AC0EB358-85BB-4B8A-8309-506EB7D14E86}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{AEC25E14-65BA-46F9-85AE-AA289C794FDD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{B7FAD1A2-8404-4D59-8DF3-1229EDBD343D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{B95ECCFA-2AA3-4DC1-97A7-2293C5133B2F}" = protocol=6 | dir=in | app=c:\users\volker\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BCAEFB36-3651-49CF-84C7-69E6D6F17BC4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{BE642298-A92E-4BCF-B4A9-A6AE42F47F40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C0EFC0EF-34F2-4CB4-B3E0-02C29AD98489}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{C1CFFAB8-557C-4764-B700-36DD09E8967C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{C391A9E0-CD46-4995-A139-E3AFE4729C3C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{C66F4A61-B793-4E5F-B23E-4C19537BD4E0}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{C81F6994-D1FC-4B20-B7EC-10620BA1DE98}" = protocol=17 | dir=in | app=d:\spiele\game.dat | 
"{C8D5BCCE-8812-4C57-9301-042EA6D48875}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{CBC9BD84-0C84-4A04-8644-C2AAF6246113}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{CCE47FE5-D80C-43A2-82BE-C99E4CBA864F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{D4630B38-C219-4317-9F26-D4B87669A3B1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D5A3EA54-194F-456F-A10E-90088E860DF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D8C3F067-B27D-45E2-A984-533AD8CC39DB}" = protocol=6 | dir=out | app=system | 
"{DB73A8FD-6C43-43A8-B58D-5CFF82840D62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCCE7AF5-CF65-44F9-A732-55A24ADAD347}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{E269C668-B0B9-4675-A228-5F2858C61695}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{E7198A34-60FE-46AA-B7DF-1683767B32B9}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{E75CBF35-506F-418D-825D-14AC26E40972}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{E80F188E-DA5E-4C72-AFF3-7EA21EDE168A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{EB957EEF-94A4-4020-BB7B-ACC9DE1BB266}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F0D09E8D-961E-47DD-B12C-45F99C1B0091}" = protocol=6 | dir=in | app=d:\spiele\turbine download manager\turbinenetworkservice.exe | 
"{F15E31F3-8B0E-4127-BF12-3897E6358C30}" = protocol=17 | dir=in | app=c:\sierra\empire earth\launcher.exe | 
"{F1ED2C0F-5CE5-4FB3-B056-6D1F3F408B86}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"{FAFE2374-C706-47F8-8B66-7AFC7356CA01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD1BB9F0-1DB4-4496-B70D-774E8E7C284F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{FFE802C9-B147-4651-9BE1-5B48A6CDC045}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"TCP Query User{03FA3D87-2896-4213-A6FA-7E0978BA6C20}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"TCP Query User{09DE31C5-F330-4E54-B94A-78F9E7FCFE10}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{19508545-4C62-4BBB-BF56-9B8127B88520}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe | 
"TCP Query User{1D495106-B35F-4437-BB2A-FB890B08E87C}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | 
"TCP Query User{264635D8-EF67-4459-A0FD-459ADE1204E8}C:\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\world of padman\wop.exe | 
"TCP Query User{349A854A-8E3E-4507-AB18-010222F67C6C}C:\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\world of padman\wop.exe | 
"TCP Query User{3F5C3B5A-DD1C-43B2-8971-9026CB1E9013}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 
"TCP Query User{4C153B2B-D0B3-42D7-91EC-A9E43E99A2BF}D:\spiele\xiii\system\xiii.exe" = protocol=6 | dir=in | app=d:\spiele\xiii\system\xiii.exe | 
"TCP Query User{54295BCF-7525-454A-9466-915C7DCD7940}D:\spiele\project nomads\run\bin\win32\nomads.exe" = protocol=6 | dir=in | app=d:\spiele\project nomads\run\bin\win32\nomads.exe | 
"TCP Query User{637517CC-DCCC-48F8-8519-0EDEDB65E761}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{666F6F05-E297-41AF-B5DF-02560AED7E68}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | 
"TCP Query User{6D49F42B-CB54-4B9A-90D3-42B524509CED}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe | 
"TCP Query User{78F8790C-822A-4637-9439-8C1296162BCB}D:\spiele\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | 
"TCP Query User{808EDB7D-1877-4D69-9C31-AAD62B3F7C93}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{90D3767B-0E18-426C-99D3-D573B0FAFA00}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{97469048-8702-4913-A33A-5D67C1CCE71E}C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"TCP Query User{9AEFAA7C-1D03-4CC3-A2A1-B5331CFA3DC2}D:\spiele\warsow 0.5\warsow_x86.exe" = protocol=6 | dir=in | app=d:\spiele\warsow 0.5\warsow_x86.exe | 
"TCP Query User{A64209FE-E9BF-4CE9-A423-D33860113E4B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{B2E01D1E-6B9B-4E2C-83B5-69305DAB7F53}C:\program files\padworld entertainment\world of padman 1.5\wop.exe" = protocol=6 | dir=in | app=c:\program files\padworld entertainment\world of padman 1.5\wop.exe | 
"TCP Query User{B4E92274-5A67-4EC4-A373-D3B72071D90E}D:\spiele\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | 
"TCP Query User{B95623C8-F7FC-41D7-A912-BBEDC71FE53C}D:\spiele\metin2\metin2.bin" = protocol=6 | dir=in | app=d:\spiele\metin2\metin2.bin | 
"TCP Query User{BB94A176-F48C-4581-810F-08D889F9CC71}C:\users\volker\desktop\mod. vers\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\users\volker\desktop\mod. vers\stronghold crusader.exe | 
"TCP Query User{BE6F3F95-D781-4C5A-8AC4-6495273E6061}D:\spiele\xiii\system\xiii.exe" = protocol=6 | dir=in | app=d:\spiele\xiii\system\xiii.exe | 
"TCP Query User{BFA6AA61-1FED-4604-9125-C60893DDB430}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{C516006E-9850-4925-A64B-F8E4607D8F5A}D:\spiele\metin2\metin2client.bin" = protocol=6 | dir=in | app=d:\spiele\metin2\metin2client.bin | 
"TCP Query User{C9A14C0A-AA60-4469-A63A-CDD7E3C9ABA4}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{D1334010-FE21-45A0-9917-0D830A2E0CF6}D:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{DF32B924-ACCF-430B-A6AB-7EE5844D0243}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{E28E1D8C-FA53-4BCD-A9D2-8C09424DA7CC}D:\spiele\ddo\dndclient.exe" = protocol=6 | dir=in | app=d:\spiele\ddo\dndclient.exe | 
"TCP Query User{E3E8BC19-4742-4E85-8648-B4B09A5C0815}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{F30DD47F-B20E-4BE1-8953-10E8C5A94632}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe | 
"TCP Query User{F6B734C7-C911-4664-8FF9-F99A88351074}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{F9376274-578B-44A4-84F2-3DB9932463C4}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{FC43D0FD-3C82-423D-9669-74764A608D48}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{FCDFB046-E3DF-44C4-880F-5B254B5367F4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{08F45A15-EC68-4488-AF67-EEE74534A78E}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\3ksfy8lr\download[1].exe | 
"UDP Query User{21A628B6-A5B6-48FF-84EB-2C31F61854B7}D:\spiele\ddo\dndclient.exe" = protocol=17 | dir=in | app=d:\spiele\ddo\dndclient.exe | 
"UDP Query User{2280E565-E24A-49D5-A8F5-E3A4E548B8EC}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{2FFDF01D-3F44-455E-B883-8A39478CC746}D:\spiele\xiii\system\xiii.exe" = protocol=17 | dir=in | app=d:\spiele\xiii\system\xiii.exe | 
"UDP Query User{3397CE13-71FC-4EB3-8B2E-2E8F31D404A1}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"UDP Query User{3ADA5E22-FD4F-4434-BA6A-1C597C630847}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\q9ipxton\download[1].exe | 
"UDP Query User{3BA22DEF-91B5-43FE-8187-0312FDD4ED71}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{4C8F074F-749F-4CE9-9C7E-6197795E2E81}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{52523B16-6B07-4A56-A14D-E91FDDCF9C82}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{579D8D4F-5042-4DE1-88A2-D6E52069A73E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{6147CEAF-2773-41C2-ADC7-6549475DAC9A}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | 
"UDP Query User{669372A8-FA33-4828-B588-D8A1AF2DBE53}C:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\volker\appdata\local\microsoft\windows\temporary internet files\content.ie5\c37e1kzn\sc2-wingsofliberty-enus-demo-installer-downloader[1].exe | 
"UDP Query User{6753A0F3-9079-4CE7-A497-CF984C8C4862}C:\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\world of padman\wop.exe | 
"UDP Query User{67F6DB2C-A68B-4EB2-A3CD-8B2E8D5E822A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{6EDEB0A3-6309-4E34-97DB-FE340B8A11DF}D:\spiele\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | 
"UDP Query User{71FC3027-2AA8-4A50-85C2-8B7DF0BDCD6B}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 
"UDP Query User{75F6A091-2B01-4FAC-B58E-AF604DB87B39}D:\spiele\metin2\metin2.bin" = protocol=17 | dir=in | app=d:\spiele\metin2\metin2.bin | 
"UDP Query User{7755CF80-EB0F-407B-9B84-A73E9A6EC5A8}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{8C47A3A0-8F6E-48A3-A0A8-ACF0F0134E4C}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{94826A63-1CF3-4794-80B8-E8C470B09154}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{961720B7-FC0C-4439-BF4D-76E0E6399378}D:\spiele\xiii\system\xiii.exe" = protocol=17 | dir=in | app=d:\spiele\xiii\system\xiii.exe | 
"UDP Query User{9D4C57F6-D525-4935-B2F4-4A72F562514A}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{AF037537-EDD2-490D-978B-D1EF5EEB904B}C:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | 
"UDP Query User{B91A6E74-6EAD-4A28-8DD8-F9070E72BF74}D:\spiele\project nomads\run\bin\win32\nomads.exe" = protocol=17 | dir=in | app=d:\spiele\project nomads\run\bin\win32\nomads.exe | 
"UDP Query User{BE3AC010-4F4B-4290-92DA-94373991AEE4}D:\spiele\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=d:\spiele\urbanterror\iourbanterror.exe | 
"UDP Query User{C8CB0EF0-BC7B-4722-B465-4C67D597185F}D:\spiele\warsow 0.5\warsow_x86.exe" = protocol=17 | dir=in | app=d:\spiele\warsow 0.5\warsow_x86.exe | 
"UDP Query User{CDE0BCB6-1454-4051-B7E4-B3994BA91CF9}C:\users\volker\desktop\mod. vers\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\users\volker\desktop\mod. vers\stronghold crusader.exe | 
"UDP Query User{D24C3B81-175E-4D2D-B633-053830F0CB4B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D4FFC692-69EB-42A6-96C7-AABDF6800AC4}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{D55CF884-A369-4EFE-B977-09E812A261A8}D:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{DDBDEF57-2F4E-4BC3-9693-0A13EC922834}C:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\xvofferx\team fortress 2\hl2.exe | 
"UDP Query User{E7EF1EA9-0C9B-4D8D-AED1-C5C19B64B5AE}C:\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\world of padman\wop.exe | 
"UDP Query User{F1036172-B550-40F3-A18C-458F2D1CBEF3}D:\spiele\metin2\metin2client.bin" = protocol=17 | dir=in | app=d:\spiele\metin2\metin2client.bin | 
"UDP Query User{F58B75A8-ECB7-4E40-9EE3-07701A8BB298}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{FEE68FB5-CEA2-4145-89D1-96ECF029EF6A}C:\program files\padworld entertainment\world of padman 1.5\wop.exe" = protocol=17 | dir=in | app=c:\program files\padworld entertainment\world of padman 1.5\wop.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2CD0168D-FBBC-4667-8810-105CB6EC6348}" = HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}" = Fast Track Pro
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5727583F-3530-45FD-B09E-7E1CB6C135AD}" = DJ_SF_06_D1600_SW_Min
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9FE15B75-8AD9-4A6F-A57A-7E7C03C4CBEB}" = StarOffice 8
"{A6C2D216-9DAE-43F9-8EFF-F0445E973F52}_is1" = GW-Value
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B1CBE507-887F-4CAE-A84C-9E0F6C81B870}" = StarOffice 8 Product Update 12
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EAE8CF06-28CA-4213-839C-A32817A47E00}" = D1600
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.57
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BestPractice" = BestPractice (remove only)
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"doPDF 7 printer_is1" = doPDF 7.2 printer
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DynaGeo_is1" = DynaGeo 3.0f
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"GameSpy Arcade" = GameSpy Arcade
"Gothic II" = Gothic II
"Guild Wars" = GUILD WARS
"GuildWars Visions_is1" = GuildWars Visions v1.08
"Guitar Pro 5_is1" = Guitar Pro 5.2
"GXTranscoder v2" = GXTranscoder v2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ICQToolbar" = ICQ Toolbar
"iDump" = iDump (Backing up your iPod)
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mumble" = Mumble and Murmur
"MuPAD Pro 4.0_is1" = MuPAD Pro 4.0.6
"Niki" = Niki
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Project Nomads" = Project Nomads
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"StarCraft II" = StarCraft II
"Steam App 11020" = TrackMania Nations Forever
"Steam App 211" = Source SDK
"Steam App 220" = Half-Life 2
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Urban Terror_is1" = Urban Terror 4.1
"VCam 3.1_is1" = VCam 3.1.1
"World of Padman" = World of Padman
"World of Padman 1.5" = World of Padman 1.5
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.12.2010 01:50:26 | Computer Name = Volker-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.12.2010 07:33:04 | Computer Name = Volker-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.12.2010 07:33:15 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:33:15 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:34:09 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:34:14 | Computer Name = Volker-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cledx.exe, Version 0.3.1412.777, Zeitstempel
0x427ec9c6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x004605d2, Prozess-ID 0x524, Anwendungsstartzeit
01cb9ea76b72d760.
 
Error - 18.12.2010 07:38:14 | Computer Name = Volker-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.12.2010 07:38:16 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:38:16 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.12.2010 07:38:17 | Computer Name = Volker-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 23.03.2011 11:56:04 | Computer Name = Volker-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 23.03.2011 11:56:39 | Computer Name = Volker-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 23.03.2011 11:56:39 | Computer Name = Volker-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.101 deaktiviert,
da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 23.03.2011 11:57:50 | Computer Name = Volker-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.03.2011 15:07:47 | Computer Name = Volker-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 24.03.2011 10:22:37 | Computer Name = Volker-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 24.03.2011 10:22:55 | Computer Name = Volker-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 24.03.2011 10:22:55 | Computer Name = Volker-PC | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.101 deaktiviert,
da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
 
Error - 24.03.2011 10:24:16 | Computer Name = Volker-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.03.2011 10:26:37 | Computer Name = Volker-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---



I hope someone can help me,

Regards.

 
