Trojaner-Board - Trojaner, HiJACK log Positiv, mehr geht nicht!

die OTL file erstmal, MAlware sollte später folgen :

Code:

OTL logfile created on: 28.04.2010 15:34:41 - Run 1

OTL by OldTimer - Version 3.2.3.0     Folder = C:\Users\Thomas\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free

6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 445,76 Gb Total Space | 48,03 Gb Free Space | 10,77% Space Free | Partition Type: NTFS

Drive D: | 19,99 Gb Total Space | 10,52 Gb Free Space | 52,63% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: WOMB3RT

Current User Name: Thomas

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Valve\Steam\Steam.exe (Valve Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Users\Thomas\AppData\Local\Temp\Qdt.exe ()

PRC - C:\Users\Thomas\AppData\Local\Temp\Qds.exe ()

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)

PRC - C:\Users\Thomas\Program Files\DNA\btdna.exe (BitTorrent, Inc.)

PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Programme\Sandboxie\SbieCtrl.exe (tzuk)

PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)

PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)

PRC - C:\Programme\Veoh\Veoh\VeohClient.exe (Veoh Networks)

PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Programme\PowerStrip\PStrip.exe (EnTech Taiwan)

PRC - C:\Programe\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()

PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()

PRC - C:\Programme\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)

PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)

PRC - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)

PRC - C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)

PRC - C:\Programme\Intel\IntelDH\CCU\CCU_Engine.exe (Intel(R) Corporation)

PRC - C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)

PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation)

PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)

PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)

PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)

PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)

PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)

PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()

PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)

PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)

PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Thomas\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirUpgradeService) --  File not found

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3653.dll ()

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (tzuk)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()

SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()

SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)

SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)

SRV - (QualityManager) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel(R) Corporation)

SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)

SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)

SRV - (DHTRACE) Intel(R) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)

SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)

SRV - (NMSCore) Intel(R) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)

SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()

SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)

SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()

SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)

SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()

DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)

DRV - (PStrip) -- C:\Windows\System32\drivers\pstrip.sys (EnTech Taiwan)

DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()

DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)

DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology)

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:3.3

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.0.3

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4

FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.02.19 14:52:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.27 14:24:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 11:06:14 | 000,000,000 | ---D | M]

 

[2008.07.06 22:05:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions

[2010.04.28 15:31:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions

[2009.09.02 16:48:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008.10.23 20:17:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2008.08.25 18:01:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010.04.02 14:00:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\ChoiceGuard@Microsoft

[2009.02.07 22:26:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\firefox@tvunetworks.com

[2009.03.25 13:42:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\tfl3rq40.default\extensions\moveplayer@movenetworks.com

[2010.04.27 15:07:49 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-1.xml

[2009.07.22 23:19:03 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-10.xml

[2009.08.06 18:43:07 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-11.xml

[2009.09.10 22:42:26 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-12.xml

[2009.10.30 11:42:16 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-13.xml

[2009.12.22 22:44:38 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-14.xml

[2010.01.06 21:59:32 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-15.xml

[2010.02.20 12:01:21 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-16.xml

[2010.04.02 13:20:08 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-17.xml

[2008.04.17 18:34:00 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-2.xml

[2008.05.01 00:48:42 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-3.xml

[2009.03.24 17:13:42 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-4.xml

[2009.03.28 20:16:09 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-5.xml

[2009.04.23 23:41:08 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-6.xml

[2009.04.30 03:44:38 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-7.xml

[2009.06.14 00:32:01 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-8.xml

[2009.06.14 01:25:40 | 000,000,950 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin-9.xml

[2009.03.01 14:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\tfl3rq40.default\searchplugins\icqplugin.xml

[2009.03.24 10:51:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2009.03.24 10:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.02.19 10:21:33 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.02.19 10:21:33 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.02.19 10:21:33 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.02.19 10:21:33 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.02.19 10:21:33 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1             localhost

O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (adShotHlpr Object) - {5EFBB77D-E919-497A-8EB8-4A255B947383} - C:\Windows\System32\atomdzty.dll File not found

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)

O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)

O4 - HKLM..\Run: [ezLife]  File not found

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )

O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)

O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: []  File not found

O4 - HKCU..\Run: [AdobeUpdater] C:\Programme\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [BGNewsAgent] C:\Program Files\BullGuard Software\BullGuard\BgNewsUI.exe File not found

O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Thomas\Program Files\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programe\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [jkklmmdrv] c:\users\thomas\appdata\local\temp\fccdbx.DLL ()

O4 - HKCU..\Run: [PlayNC Launcher]  File not found

O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (tzuk)

O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Steam] c:\valve\steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [userinit] C:\Users\Thomas\AppData\Roaming\sdra64.exe ()

O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh\Veoh\VeohClient.exe (Veoh Networks)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\Thomas\AppData\Local\Temp\Qdt.exe ()

O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()

O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk = C:\Programme\PowerStrip\PStrip.exe (EnTech Taiwan)

O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Taskleiste Ding\ObjectDock\ObjectDock.exe (Stardock)

O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM ()

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyPoker\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Spiele\PartyPoker\PartyPoker\RunApp.exe ()

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{512ecefa-08ba-11dd-8a12-001d927395f1}\Shell - "" = AutoRun

O33 - MountPoints2\{512ecefa-08ba-11dd-8a12-001d927395f1}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.04.28 15:33:07 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe

[2010.04.25 09:54:02 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\backups

[2010.04.25 03:14:52 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Thomas\Desktop\HijackThis.exe

[2010.04.25 03:10:15 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes

[2010.04.25 03:10:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.04.25 03:10:02 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.04.25 03:10:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.04.25 03:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.04.25 03:08:21 | 005,918,776 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Thomas\Desktop\mbam-setup.com

[2010.04.24 22:43:47 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Avira

[2010.04.24 22:37:13 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010.04.24 22:37:13 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010.04.24 22:37:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys

[2010.04.24 22:37:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2010.04.24 22:37:13 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

[2010.04.24 22:05:12 | 000,000,000 | ---D | C] -- C:\Programme\Conduit

[2010.04.24 16:49:52 | 000,000,000 | ---D | C] -- C:\Programme\ezLife

[2010.04.24 16:47:07 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\6095BE1BF7DDA9FB6113ACE91B4916DC

[2010.04.24 16:47:04 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\AppData\Roaming\lowsec

[2010.04.17 00:05:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype

[2010.04.16 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\RT

[2010.04.15 18:14:04 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\BDR

[2010.04.15 02:35:49 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010.04.15 02:35:48 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010.04.15 02:35:47 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2010.04.15 02:35:45 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm

[2010.04.15 02:35:45 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

[2010.04.12 02:09:28 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\PokerStars

[2010.04.12 02:09:10 | 000,000,000 | ---D | C] -- C:\Programme\PokerStars

[2010.04.02 14:00:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Tracing

[2010.04.02 14:00:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft

[2010.04.02 13:59:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2010.04.02 13:59:42 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive

[2010.04.02 13:57:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live

[2010.03.30 19:16:36 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010.03.30 19:16:36 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010.03.30 19:16:36 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010.03.30 19:16:36 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010.03.30 19:16:36 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010.03.30 19:16:36 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010.03.30 19:16:36 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010.03.30 19:16:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010.03.30 19:16:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010.03.30 19:16:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010.03.30 19:16:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010.03.30 19:16:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010.03.30 19:16:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010.03.30 19:16:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010.03.30 19:16:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.04.28 15:39:28 | 012,845,056 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT

[2010.04.28 15:35:15 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.04.28 15:35:15 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.04.28 15:35:15 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.04.28 15:35:14 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.04.28 15:35:14 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.04.28 15:35:06 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1C0EC778-19CE-45A0-8E79-D6D5F574167C}.job

[2010.04.28 15:33:07 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe

[2010.04.28 15:32:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2010.04.28 15:31:30 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010.04.28 15:28:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010.04.28 15:27:35 | 000,006,779 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\PStrip.ini

[2010.04.28 15:27:35 | 000,006,779 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\PStrip.bak

[2010.04.28 15:27:16 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010.04.28 15:27:15 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.04.28 15:27:15 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.04.28 15:27:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.04.28 15:27:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.04.28 15:27:08 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys

[2010.04.27 16:21:07 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010.04.27 16:21:07 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010.04.27 16:20:57 | 000,009,180 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\PStrip.bk!

[2010.04.27 16:20:55 | 005,119,217 | -H-- | M] () -- C:\Users\Thomas\AppData\Local\IconCache.db

[2010.04.27 15:48:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010.04.27 14:43:03 | 000,006,779 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\PStrip.bko

[2010.04.25 18:00:04 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job

[2010.04.25 18:00:03 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Thomas.job

[2010.04.25 10:50:40 | 000,002,379 | ---- | M] () -- C:\Users\Thomas\Desktop\Skype.lnk

[2010.04.25 10:48:32 | 000,081,920 | ---- | M] () -- C:\Users\Thomas\Desktop\fragebogen für Pat2.222.doc

[2010.04.25 03:14:22 | 000,318,369 | ---- | M] () -- C:\Users\Thomas\Desktop\HiJackThis.zip

[2010.04.25 03:10:06 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.04.25 03:08:27 | 005,918,776 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Thomas\Desktop\mbam-setup.com

[2010.04.24 23:42:33 | 000,007,592 | ---- | M] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat

[2010.04.24 22:37:20 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010.04.24 22:22:56 | 042,341,360 | ---- | M] () -- C:\Users\Thomas\Desktop\avira_antivir_personal_de.exe

[2010.04.23 22:25:45 | 000,002,158 | ---- | M] () -- C:\Windows\Sandboxie.ini

[2010.04.23 20:29:38 | 000,781,454 | ---- | M] () -- C:\Users\Thomas\Desktop\IMG_0306.JPG

[2010.04.23 15:21:36 | 000,174,592 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.04.20 09:39:56 | 000,081,920 | ---- | M] () -- C:\Users\Thomas\Desktop\fragebogen für Pat2.1.doc

[2010.04.20 09:37:31 | 000,031,158 | ---- | M] () -- C:\Users\Thomas\Desktop\fragebogen für Pat.2.odt

[2010.04.20 09:11:33 | 000,018,235 | ---- | M] () -- C:\Users\Thomas\Desktop\fragebogen für patienten.odt

[2010.04.15 10:02:51 | 000,088,064 | ---- | M] () -- C:\Users\Thomas\Desktop\Unterricht Psychiatrie.ppt

[2010.04.15 10:02:34 | 000,455,260 | ---- | M] () -- C:\Users\Thomas\Desktop\ZusammenfassungPsychiatrischePflege.pdf

[2010.04.13 15:50:18 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010.04.13 13:18:59 | 000,409,600 | ---- | M] () -- C:\Users\Thomas\Desktop\darkfix.exe

[2010.04.12 02:09:26 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk

[2010.04.09 13:17:37 | 000,519,975 | ---- | M] () -- C:\Users\Thomas\Desktop\IMG_0330.JPG

[2010.04.09 12:56:26 | 000,626,212 | ---- | M] () -- C:\Users\Thomas\Desktop\IMG_0329.JPG

[2010.04.06 19:53:49 | 000,072,192 | ---- | M] () -- C:\Users\Thomas\Desktop\Bewerbung hamburg1.2.doc

[2010.04.06 19:50:00 | 000,038,400 | ---- | M] () -- C:\Users\Thomas\Desktop\Lebenslauf.doc

[2010.04.06 19:39:01 | 000,033,792 | ---- | M] () -- C:\Users\Thomas\Desktop\Bewerbung hamburg1.doc

[2010.04.03 17:08:07 | 000,003,178 | ---- | M] () -- C:\Users\Thomas\Desktop\cfg.rar

[2010.04.02 14:00:31 | 000,000,764 | ---- | M] () -- C:\Users\Thomas\Documents\Meine freigegebenen Ordner.lnk

[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

 
 ========== Files Created - No Company Name ==========

 

[2010.04.25 10:50:33 | 000,002,379 | ---- | C] () -- C:\Users\Thomas\Desktop\Skype.lnk

[2010.04.25 10:48:31 | 000,081,920 | ---- | C] () -- C:\Users\Thomas\Desktop\fragebogen für Pat2.222.doc

[2010.04.25 03:14:21 | 000,318,369 | ---- | C] () -- C:\Users\Thomas\Desktop\HiJackThis.zip

[2010.04.25 03:10:06 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.04.24 22:37:20 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010.04.24 22:22:22 | 042,341,360 | ---- | C] () -- C:\Users\Thomas\Desktop\avira_antivir_personal_de.exe

[2010.04.24 16:55:05 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010.04.24 16:47:06 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2010.04.20 09:39:55 | 000,081,920 | ---- | C] () -- C:\Users\Thomas\Desktop\fragebogen für Pat2.1.doc

[2010.04.20 09:37:31 | 000,031,158 | ---- | C] () -- C:\Users\Thomas\Desktop\fragebogen für Pat.2.odt

[2010.04.20 09:11:33 | 000,018,235 | ---- | C] () -- C:\Users\Thomas\Desktop\fragebogen für patienten.odt

[2010.04.15 10:02:50 | 000,088,064 | ---- | C] () -- C:\Users\Thomas\Desktop\Unterricht Psychiatrie.ppt

[2010.04.15 10:02:33 | 000,455,260 | ---- | C] () -- C:\Users\Thomas\Desktop\ZusammenfassungPsychiatrischePflege.pdf

[2010.04.13 22:10:30 | 000,003,178 | ---- | C] () -- C:\Users\Thomas\Desktop\cfg.rar

[2010.04.13 15:50:18 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010.04.13 13:18:56 | 000,409,600 | ---- | C] () -- C:\Users\Thomas\Desktop\darkfix.exe

[2010.04.12 02:09:26 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk

[2010.04.09 13:24:14 | 000,519,975 | ---- | C] () -- C:\Users\Thomas\Desktop\IMG_0330.JPG

[2010.04.09 13:24:12 | 000,626,212 | ---- | C] () -- C:\Users\Thomas\Desktop\IMG_0329.JPG

[2010.04.06 19:53:47 | 000,072,192 | ---- | C] () -- C:\Users\Thomas\Desktop\Bewerbung hamburg1.2.doc

[2010.04.06 19:49:59 | 000,038,400 | ---- | C] () -- C:\Users\Thomas\Desktop\Lebenslauf.doc

[2010.04.06 19:39:01 | 000,033,792 | ---- | C] () -- C:\Users\Thomas\Desktop\Bewerbung hamburg1.doc

[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2009.10.20 14:39:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.06.11 21:38:11 | 000,002,158 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2008.06.14 16:45:16 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2008.06.14 16:45:09 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2008.05.11 10:29:16 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2008.05.11 10:29:16 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2008.05.04 18:56:46 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini

[2008.04.21 14:01:07 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini

[2008.04.12 19:59:11 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys

[2008.02.19 16:49:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008.02.19 16:49:48 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll

[2008.02.19 16:49:48 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll

[2008.02.19 15:05:59 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2008.02.19 15:05:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2008.02.19 15:04:36 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI

[2008.02.19 11:28:59 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.06.23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

< End of report >

und die OTL Extras.txt

Code:

OTL Extras logfile created on: 28.04.2010 15:34:41 - Run 1

OTL by OldTimer - Version 3.2.3.0     Folder = C:\Users\Thomas\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free

6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 445,76 Gb Total Space | 48,03 Gb Free Space | 10,77% Space Free | Partition Type: NTFS

Drive D: | 19,99 Gb Total Space | 10,52 Gb Free Space | 52,63% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: WOMB3RT

Current User Name: Thomas

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01212A57-44D4-4039-9B78-2103B597717B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 

"{02B19D77-266C-4116-8326-E080DC71949A}" = rport=139 | protocol=6 | dir=out | app=system | 

"{05FAF54E-D9C2-41CD-BAA9-18EBB97A584F}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{106933CF-BA83-4CEB-BC6A-CAAA2146AD95}" = rport=137 | protocol=17 | dir=out | app=system | 

"{14F46104-A5C5-4EB2-8F2A-ABD088D045C0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{16DA6AE4-DBA7-4F58-91FD-C8AACA268B63}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | 

"{25A4CA32-8173-4909-A12D-62F5583DC3DE}" = lport=139 | protocol=6 | dir=in | app=system | 

"{3F3ECE08-D866-4AD0-858C-4C64EE7D03CE}" = rport=138 | protocol=17 | dir=out | app=system | 

"{404E5100-763F-4D51-A5E4-1B6023873B38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{449340CC-CD1E-4679-83C5-449E6F69B103}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 

"{4B05DD1F-BAE6-4BC0-9662-FDD97F169F4B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4C82585B-DB79-4B0F-A954-79923D464162}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 

"{4E42CAA0-999A-4447-BD51-51293B7EAD59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 

"{607A16F7-07FB-4D94-A5E2-5F3D59C90EF4}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{6CCFF1E0-5A30-4C08-8EF3-0A45BF98906F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{718F5A09-6615-4CAA-A32C-929499A86AA9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 

"{73F5FA9B-47D2-484D-8157-FB58202796D2}" = lport=137 | protocol=17 | dir=in | app=system | 

"{7473E83E-D439-40BE-BA04-785E0136833E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{75DCCF0F-46A0-4107-9D81-0943B8F8750A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{833DA793-6FC9-47F9-884B-FC4455C1CC1C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 

"{8F2DF4FC-FD1C-4C40-8622-BE3D64349693}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | 

"{92962189-9CF4-4E1A-828D-5CEAF54C497E}" = lport=138 | protocol=17 | dir=in | app=system | 

"{9317E70F-B91F-41BF-9228-25AA224D3914}" = lport=445 | protocol=6 | dir=in | app=system | 

"{9B7D29EB-8401-45F9-9A2F-5239CB8EFA74}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{9BD1BE4F-EA1C-48D5-83FD-5B012C1ED070}" = rport=445 | protocol=6 | dir=out | app=system | 

"{AC218812-9EF2-4AAD-AC77-26575F86CFFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 

"{AE38952A-6FBC-4A20-BCC9-5585E4318AEB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{B56C4B3B-B919-4016-A18E-6D0A1C6B7306}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{BD95086A-DECB-4C5E-8379-8BF09FDD81BD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{C901F090-AD82-4546-B5A3-7FACC1582659}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{D5D9F8F6-1368-466B-AB89-DA8DEB9BE7B4}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface | 

"{D9BF3BCB-6B52-414C-A2E2-97AC93E2EB9A}" = lport=28366 | protocol=6 | dir=in | name=azureus | 

"{E06AD4A5-6288-49A3-9260-25495BEB6B8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00FA4EAA-0EB0-4FD1-BCDF-0994D3498FEE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 

"{0103BA84-73D4-4560-9A15-B95243B6856E}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_launcher.exe | 

"{06BDD21C-0A69-458A-AC74-BB1458C4E1B1}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_dx9.exe | 

"{08BF464A-27CC-4A73-9DA7-3B4096851584}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{09D70BC7-64EC-4B3D-89BB-C594ACD9D04B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 

"{1BF7AE71-CD80-4CE2-B1E4-CCFF10E62A9C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 

"{20028EB4-015E-45BB-9BF4-0FA2400C87E5}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 

"{2060CB42-CDD1-4CA4-9C88-5DD4DADDC42B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 

"{2209B862-0FC6-41D0-AF7E-0685A9F34742}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"{2261E2B2-7B92-4881-9803-89A2BC444ACF}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{23141A48-3CA1-44E7-80E9-5BC4993C0C06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{26E72F3E-AC7A-4D0E-8FAE-00E69000FE70}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{2EF4C937-07CA-4FEC-A672-1ACA2B9F9BE6}" = protocol=17 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe | 

"{33B60BE0-F651-45D4-A5AE-3A6F066547C5}" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 

"{3FCD6E52-9137-425C-B6BA-2B330958009A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 

"{46008ADD-40B4-4AC7-A691-ABC443E7A505}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{4A19AB5D-5312-4EE9-B59E-4BA7249B0BF0}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 

"{4C77FD1F-0A87-4C4B-8ADD-476A4D9A448D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{5087BE1E-1068-4359-ACE9-A972E3ECB5A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{5DD10A86-F424-4C7C-BBA9-1F63B3663A47}" = protocol=6 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx10.exe | 

"{5F729969-C49F-48A4-9793-386678AD269C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{620F6F8E-F791-4F2A-9A1C-557419CC9D87}" = protocol=6 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe | 

"{63A2D57C-F466-41DD-B2A0-910B0D90EC72}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 

"{6595D3AD-0FBB-41A6-8E5F-5F5EF9C3662A}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_launcher.exe | 

"{700753F8-0BC6-469F-8CAE-6069CDCC0371}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 

"{70799646-B73A-40C6-8717-F91B6E38C168}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{73C75508-F1BD-4A28-BB67-56C57C79A573}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 

"{7BF2D859-36AA-4EB2-B71E-A471BCEF5539}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 

"{83B8F66E-4862-4FD4-B744-3F44F56B6765}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 

"{850CBDDC-B319-41D0-828D-5B182D38EBCB}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 

"{85223B3A-2D6C-4359-9A68-9C6B31FB1B81}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 

"{8770E655-2C68-4DF5-B5C4-702B68CAF5AB}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_dx10.exe | 

"{93572C49-0CFE-44F8-8256-58E25C132FCF}" = protocol=6 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_dx10.exe | 

"{93EE9637-2D2F-47F5-AB42-237760B22282}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 

"{95ADDE3D-E2E7-4D45-964F-FE6342E813C7}" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 

"{999F367E-1A74-4543-9B47-AF6A535088D0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 

"{9D595453-CD4A-4CFF-9FFD-136623996ED8}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 

"{9F501015-5EEA-49F7-87E6-507D3B1A9D47}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 

"{A2AAE02A-335B-427D-AC74-005710FABA80}" = protocol=17 | dir=in | app=c:\spiele\ubisoft\assassin's creed\assassinscreed_dx9.exe | 

"{A7D5C559-78E8-4172-ADD1-5BD35E1F5088}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 

"{A96BB2BD-409A-42B9-A526-2B3717225E15}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 

"{B0F3A79B-994A-40E5-9FCE-BD658D40D43E}" = protocol=17 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx10.exe | 

"{B2B7A17A-C346-40E4-91DB-6E32448FE1AF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{B5A9E8A1-4646-41C1-919A-CCC1FC15FCEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{BEB8776E-1940-443C-B0CB-5C7603B59201}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{C256B297-66B2-47C9-A5C1-13634F018CAF}" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 

"{C338D500-CB52-4FC9-93A8-A083C9048E23}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 

"{C545E12F-4671-4657-A8F8-D33777DA5D29}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 

"{C6812261-0A3C-43C2-8949-9AE5157D671F}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 

"{CADD04FB-0028-492F-99AD-8C962115A357}" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 

"{CCD7356D-4D90-4FE0-8CD9-3C268DC1C236}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{D0FF87D6-8FF7-4970-AAE7-0F7F0F116DA4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 

"{F16DA657-8928-4778-8937-BB90910F5002}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 

"{F3ECBA52-9DCC-47F6-A021-9E923C2C2B01}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 

"{FAB39011-5016-4568-B726-7064EE53E7F3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 

"{FB0CBA55-13A8-40B5-8221-598E452745FE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 

"TCP Query User{0513570A-B9F5-4308-91EC-4C0CB134DAAE}C:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe | 

"TCP Query User{0A922DC4-B089-45C0-86A6-0DDC54760B3E}C:\users\thomas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 

"TCP Query User{1B777E43-924B-40B8-AE45-32B917489FA2}C:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe | 

"TCP Query User{1E2CC95F-5B05-4993-BC90-F41FE8FA1B1A}C:\programe\azureusneu\azureus.exe" = protocol=6 | dir=in | app=c:\programe\azureusneu\azureus.exe | 

"TCP Query User{1FE4DB7B-8565-4C8A-A15F-9A540DF48D50}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 

"TCP Query User{27FEC7EF-38FA-4CD1-928B-8042430F715A}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 

"TCP Query User{2F45887D-63C3-4C5F-A1B8-AD71E9BFDA55}C:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe" = protocol=6 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe | 

"TCP Query User{4B7C037E-CD04-4530-8109-D261846256C3}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 

"TCP Query User{5177332C-0505-44F0-924E-C362E5EBD118}C:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 

"TCP Query User{5A070264-1806-483C-820F-4ACCD07AF252}C:\programe\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\programe\azureus\azureus.exe | 

"TCP Query User{756EAA51-BABB-4DB6-9710-505129D6C9D4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{82347B93-EE1A-4152-BC2D-B2A35D5527BF}C:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe | 

"TCP Query User{8B32BA07-DED8-4F6A-8DBF-7069546508F3}C:\spiele\codemasters\dirt\dirt.exe" = protocol=6 | dir=in | app=c:\spiele\codemasters\dirt\dirt.exe | 

"TCP Query User{8CF23B72-367D-4F99-BE34-4611D214F34F}C:\users\thomas\desktop\wow-burningcrusade-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\thomas\desktop\wow-burningcrusade-dede-installer-downloader.exe | 

"TCP Query User{8DB46259-9728-491B-A9A0-F3E1BFF210E5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"TCP Query User{974817BC-0D45-4891-9CDD-A66671DFF3C3}C:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe | 

"TCP Query User{9A6996B1-61CF-48A6-9425-CB606E578270}C:\users\thomas\desktop\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\thomas\desktop\wow-dede-installer-downloader.exe | 

"TCP Query User{9B3F5298-C001-4FA7-9EB2-1E586C1FEAFD}C:\program files\veoh\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh\veoh\veohclient.exe | 

"TCP Query User{A31EF5CD-A91E-4F8F-B847-CD09A70B713C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 

"TCP Query User{B6A0ED3D-97BE-4B64-ADFC-00171F6C48A2}C:\users\thomas\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\thomas\program files\dna\btdna.exe | 

"TCP Query User{B6BC4731-C08F-4600-B5D8-F487DD122D58}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{B7804516-76D9-43F3-91EC-0A393F9A23B5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 

"TCP Query User{BFE4B3A5-C0D7-48E7-A17C-E43FE096ED24}C:\users\thomas\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\thomas\program files\dna\btdna.exe | 

"TCP Query User{C257F0D8-7005-4F8A-BE1E-75DF60535207}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 

"TCP Query User{D177F33B-A984-4D71-BD57-A3FEA08C9080}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 

"TCP Query User{E08130AD-7A14-4B22-83BD-B059456C9F1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{E7823984-35B5-44E4-95E5-D1497F4BEEEA}C:\program files\veoh\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh\veoh\veohclient.exe | 

"TCP Query User{E78BF628-3C12-466F-AC33-BE7685D214BB}C:\valve\steam\steamapps\wandersmann\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\half-life 2 deathmatch\hl2.exe | 

"TCP Query User{EDAEC49B-006E-48C1-A624-EDD6C30EA46A}C:\valve\steam\steamapps\common\lost planet dx10 trial\lostplanetdx10.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\common\lost planet dx10 trial\lostplanetdx10.exe | 

"TCP Query User{EE5398C4-1626-439F-BDCF-8442DD210EE4}C:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 

"TCP Query User{F2DEB97B-681C-4C1E-AF36-C05645B0CD36}C:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe | 

"TCP Query User{F33A5DB7-FFAF-4197-83E7-7C693FFA5F7A}C:\programe\azureusneu\azureus.exe" = protocol=6 | dir=in | app=c:\programe\azureusneu\azureus.exe | 

"TCP Query User{FF7CECCB-C7FF-4ADC-892C-D404D9043CE0}C:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe | 

"UDP Query User{0BCF05B1-5D57-438D-9E49-B10884CAA5F4}C:\users\thomas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 

"UDP Query User{152C7085-DAE0-450A-ADE5-E0B177457A07}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{1E5F289D-ED7B-41D0-82DA-0459E4E0A588}C:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 

"UDP Query User{2BCF3053-C44B-4CAD-9665-CA7F70E946D8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 

"UDP Query User{2C8C2B56-E4D6-4CDA-8286-6476F2AFAFA0}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 

"UDP Query User{3C1CDD87-D818-4AE2-BD85-C7D5955B6F4A}C:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe | 

"UDP Query User{3D59F897-DEF3-4EB1-B11A-915ABD72CC83}C:\program files\veoh\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh\veoh\veohclient.exe | 

"UDP Query User{3F0B03EB-6111-4370-9A2B-F3D52C6DA764}C:\valve\steam\steamapps\common\lost planet dx10 trial\lostplanetdx10.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\common\lost planet dx10 trial\lostplanetdx10.exe | 

"UDP Query User{46E6475C-A7EF-4A52-87BD-A42DD440DFFC}C:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe | 

"UDP Query User{511705D9-A958-4CD8-BBB2-7D4D3486ED8A}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 

"UDP Query User{634D50D6-BB40-44E2-AA12-91A85F45B32D}C:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike source\hl2.exe | 

"UDP Query User{64EBD7B2-2E58-4877-86AC-526B71C6535B}C:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe | 

"UDP Query User{8154B5B8-BA18-4F93-A13B-1CE19EA81097}C:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe" = protocol=17 | dir=in | app=c:\spiele\capcom\lostplanetcolonies\lostplanetcoloniesdx9.exe | 

"UDP Query User{84123C1D-5006-4B5F-A88A-046EF3CF4625}C:\users\thomas\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\thomas\program files\dna\btdna.exe | 

"UDP Query User{8705B6B5-6FE0-4C3B-BCBE-6FB99FC40E02}C:\users\thomas\desktop\wow-burningcrusade-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\thomas\desktop\wow-burningcrusade-dede-installer-downloader.exe | 

"UDP Query User{9370B4CF-D2AB-4C8B-937A-81E26CFFE2CC}C:\spiele\codemasters\dirt\dirt.exe" = protocol=17 | dir=in | app=c:\spiele\codemasters\dirt\dirt.exe | 

"UDP Query User{948FB4C8-CCAC-4150-A62D-36D9C0785338}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 

"UDP Query User{98C9C5DF-CE99-4750-B2FD-D7DABCDECDC7}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 

"UDP Query User{AA476116-FFE1-4A98-B13F-8BFB4FA8B0F6}C:\programe\azureusneu\azureus.exe" = protocol=17 | dir=in | app=c:\programe\azureusneu\azureus.exe | 

"UDP Query User{AACAC9C1-797E-4C8F-9D53-D76B30E6EDCA}C:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\counter-strike\hl.exe | 

"UDP Query User{B9A64FB4-261A-4219-8924-55FF39A3592D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{BA79BE0C-D027-4E64-B5C0-162AE33FDB8C}C:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | 

"UDP Query User{BE1D43CA-A85E-4185-8765-B55433C33B83}C:\programe\azureusneu\azureus.exe" = protocol=17 | dir=in | app=c:\programe\azureusneu\azureus.exe | 

"UDP Query User{BF784F69-B158-461B-BEFB-F906A6756C5A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"UDP Query User{BF9E368D-5E4F-486B-9A15-4106329D1DE8}C:\valve\steam\steamapps\wandersmann\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\half-life 2 deathmatch\hl2.exe | 

"UDP Query User{C34B53B8-1417-40DC-801C-D601C9E3BF81}C:\users\thomas\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\thomas\program files\dna\btdna.exe | 

"UDP Query User{C6DE5825-6D7A-4391-B4E5-380E01E5D129}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 

"UDP Query User{D28EA19C-4D0B-4F37-A3E2-181FEB47C2CF}C:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\valve\steam\steamapps\wandersmann\day of defeat source\hl2.exe | 

"UDP Query User{E0662AC3-AB5B-46CD-B4E9-497B1EBB1DF4}C:\users\thomas\desktop\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\thomas\desktop\wow-dede-installer-downloader.exe | 

"UDP Query User{E4325CF2-97C6-4842-B6C2-2B920F6F2E73}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 

"UDP Query User{EE2B9BD2-4D62-4B88-A8DA-F1684BE38AE4}C:\programe\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\programe\azureus\azureus.exe | 

"UDP Query User{F9D1B3EF-6F1E-433B-9174-53EA89CD6C6D}C:\program files\veoh\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh\veoh\veohclient.exe | 

"UDP Query User{FBDB2CE3-4C02-4592-91D3-355295206BAA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth

"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}_is1" = Deinstallation der Arcor Online Software

"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3

"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6EEEF30E-0AD2-4AD9-B854-22F1488637C7}" = Two Worlds Control Panel 1.0.7

"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source

"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13

"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0

"{BD5AEA80-86E6-4227-A093-6610BA0DF735}" = Windows Sidebar Styler

"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow

"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)

"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F06EB29F-FA6A-48E6-8F89-3BCB4B015383}" = Aion

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Akamai" = Akamai NetSession Interface

"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord

"ALDI Foto Service Nord D" = ALDI Foto Service Nord

"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice

"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Azureus" = Azureus

"bwin" = bwin Poker (remove only)

"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero

"Desktop DiaShow" = Desktop DiaShow

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition

"Foto-Mosaik_is1" = Foto-Mosaik 4.1.0

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"Google Desktop" = Google Desktop

"Google Updater" = Google Updater

"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (nur entfernen)

"Handbrake" = Handbrake 0.9.4

"ICQToolbar" = ICQ Toolbar

"InfernalGame" = Infernal

"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"Intel(R) Configuration Center" = Intel® Viiv™ Software

"LetsTrade" = LetsTrade Komponenten

"MakeTorrent 2" = MakeTorrent v2.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)

"NSSSetup.{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan (Symantec Corporation)

"NVIDIA Drivers" = NVIDIA Drivers

"ObjectDock" = ObjectDock

"OpenAL" = OpenAL

"PartyPoker" = PartyPoker

"PokerStars" = PokerStars

"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)

"PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"RealPlayer 6.0" = RealPlayer

"Sandboxie" = Sandboxie 3.38

"Steam" = Steam

"Steam App 10" = Counter-Strike

"Steam App 13210" = Unreal Tournament 3

"Steam App 300" = Day of Defeat: Source

"Steam App 302" = Day of Defeat: Source Beta

"Steam App 400" = Portal

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"TeamViewer 5" = TeamViewer 5

"TmNationsForever_is1" = TmNationsForever

"TVUPlayer" = TVUPlayer 2.3.7.1

"Two Worlds" = Two Worlds

"Uninstall_is1" = Uninstall 1.0.0.1

"Vampire Slayer : Chapter V_is1" = Chapter V

"VentriloMIX" = VentriloMIX

"VLC media player" = VideoLAN VLC media player 0.8.6f

"Winamp" = Winamp

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"X10Hardware" = X10 Hardware(TM)

"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video

"Xvid_is1" = Xvid 1.1.3 final uninstall

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent DNA" = DNA

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

 
 ========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >