Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner mit Webcam Win 7 64bit

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 30.07.2012, 10:31   #1
Maedock
 
GVU Trojaner mit Webcam Win 7 64bit - Standard

GVU Trojaner mit Webcam Win 7 64bit



Hallo Zusammen

ich habe mir am Samstag den GVU TRojaner eingefangen, obwohl auf meinem PC AVIRA läuft und ich 2 Firewalls in Reihe davor geschaltet habe.

Nach Recherche im Netz habe ich dann den Kaspersky Unlocker laufen lassen, leider ohne Erfolg, der PC war immer noch gesperrt.

Habe auch keinerlei der immer wieder beschriebenen Einträge in der REG Datei gefunden.

Zu allerletzt habe ich dann einen Wiederherstellungspunkt vom 25.7. in Wondows aktiviert und seitdem läuft der PC wieder.

Vollscan mit Malwarebytes und Avira haben nichts auf dem PC gefunden.

Ich habe heute dann die 2 Dateien, wie beschrieben mit OTL generiert und diese hier angehängt.

Ist der Trojaner jetzt noch irgendwo auf meinem System?

Windows neu aufsetzen wäre für mich der GAU.

Vielen Dank schonmal vorab für Eure Hilfe

Claus
Angehängte Dateien
Dateityp: txt OTL.Txt (81,0 KB, 160x aufgerufen)

Alt 30.07.2012, 12:40   #2
Maedock
 
GVU Trojaner mit Webcam Win 7 64bit - Standard

GVU Trojaner mit Webcam Win 7 64bit



Hallo nochmals Zusammen

habe nun auch die 2 Logfiles direkt als Code eingefügt:




OTL.TXT:
Code:
ATTFilter
OTL logfile created on: 30.07.2012 10:58:55 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Claus\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 13,58 Gb Available Physical Memory | 85,01% Memory free
31,95 Gb Paging File | 29,40 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213,80 Gb Total Space | 110,39 Gb Free Space | 51,63% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 741,07 Gb Free Space | 79,56% Space Free | Partition Type: NTFS
 
Computer Name: CLAUS-PC | User Name: claus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.30 10:50:35 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Claus\Downloads\OTL.exe
PRC - [2012.07.28 20:00:04 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.28 09:11:32 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.19 13:01:20 | 001,087,745 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
PRC - [2012.05.30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.05.14 14:00:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 14:00:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.14 14:00:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011.11.25 23:11:06 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\MMTaskbar\MultiMon.exe
PRC - [2011.08.13 14:51:24 | 000,030,568 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2011.08.13 14:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2011.06.28 09:18:36 | 000,605,032 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDFCreate\PdfCreate7Hook.exe
PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.05.13 22:48:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010.01.24 17:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009.02.24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.28 20:00:04 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012.06.28 09:11:32 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.11.25 23:11:06 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\MMTaskbar\MultiMon.exe
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011.09.08 19:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.28 20:00:04 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.28 09:11:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.19 13:01:20 | 001,087,745 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe -- (AntiVir Security Management Center Agent)
SRV - [2012.05.14 14:00:38 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 14:00:38 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 14:00:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.14 14:00:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.08.13 14:50:20 | 000,138,600 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010.10.27 17:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.24 17:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.14 14:00:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 14:00:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.10 11:39:39 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.19 18:19:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.08.19 18:19:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.05.04 17:19:06 | 000,340,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.27 16:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 16:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 16:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 16:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 16:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 16:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.04.27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.01.12 19:43:40 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://companyweb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F AB B7 46 2A 0C CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{071F0C18-C493-4005-BAE4-0ED4DEDCB41B}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.28 09:11:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.23 13:57:56 | 000,000,000 | ---D | M]
 
[2012.01.19 15:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claus\AppData\Roaming\mozilla\Extensions
[2012.07.10 12:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\2hogd5sp.default\extensions
[2012.07.10 12:20:39 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\2hogd5sp.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.02.15 10:02:35 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Claus\AppData\Roaming\mozilla\Firefox\Profiles\2hogd5sp.default\extensions\DeviceDetection@logitech.com
[2012.03.22 13:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.19 16:47:00 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.01.19 16:47:00 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.06.28 09:11:32 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 09:11:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.28 09:11:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.28 09:11:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.28 09:11:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.28 09:11:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.28 09:11:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Claus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDFCreate\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFCreHook] C:\Program Files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort14reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ewenzel.net ([]https in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.8.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wenzel.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E00EBC-3810-476D-AA09-EE6CC038C52E}: DhcpNameServer = 192.168.8.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC686F8E-98FC-463E-8114-A77432D89269}: DhcpNameServer = 192.168.9.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.30 10:44:11 | 000,000,000 | R--D | C] -- C:\Users\Claus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012.07.28 18:31:34 | 000,000,000 | ---D | C] -- C:\Users\Claus\AppData\Roaming\Malwarebytes
[2012.07.28 18:31:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.28 18:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.28 18:31:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.28 18:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.12 04:00:17 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.07.11 04:02:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 04:02:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 04:01:17 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 04:00:51 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.07.11 04:00:51 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.07.11 04:00:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 04:00:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 04:00:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 04:00:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 04:00:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 04:00:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 04:00:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 04:00:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 04:00:30 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 04:00:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 04:00:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 04:00:30 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 04:00:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 04:00:19 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 04:00:19 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.30 11:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.30 10:52:11 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.30 10:52:11 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.30 10:52:11 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.30 10:52:11 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.30 10:52:11 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.30 10:49:23 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 10:49:23 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.30 10:48:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.30 10:44:06 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012.07.30 10:43:36 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.30 10:42:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.30 10:42:11 | 836,273,736 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.30 10:42:11 | 4276,817,918 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.28 20:00:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.28 20:00:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.28 18:31:23 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.28 18:01:02 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.18 07:43:48 | 000,018,694 | ---- | M] () -- C:\Users\Claus\593217.PDF
[2012.07.11 04:08:40 | 000,446,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.28 18:31:23 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.28 16:28:22 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.18 07:44:28 | 000,018,694 | ---- | C] () -- C:\Users\Claus\593217.PDF
[2012.05.10 13:45:23 | 000,004,612 | ---- | C] () -- C:\Users\Claus\fehlende Belege.pdf
[2012.03.27 17:05:50 | 000,000,828 | RHS- | C] () -- C:\Users\Claus\ntuser.pol
[2012.03.14 10:12:33 | 000,014,552 | ---- | C] () -- C:\Users\Claus\586350.PDF
[2012.03.08 16:45:13 | 000,043,662 | ---- | C] () -- C:\Users\Claus\586046.PDF
[2012.02.07 12:48:42 | 000,039,483 | ---- | C] () -- C:\Users\Claus\RICO.PDF
[2012.01.31 12:54:40 | 000,017,408 | ---- | C] () -- C:\Users\Claus\AppData\Local\WebpageIcons.db
[2012.01.23 10:27:48 | 000,007,597 | ---- | C] () -- C:\Users\Claus\AppData\Local\resmon.resmoncfg
[2012.01.20 06:38:36 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.19 23:19:48 | 000,006,148 | ---- | C] () -- C:\Users\Claus\.DS_Store
[2012.01.19 22:45:19 | 000,048,614 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.19 16:15:31 | 000,001,096 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.01.19 16:15:31 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.01.19 16:15:18 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.19 16:13:29 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012.01.19 16:13:29 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.01.19 16:13:29 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.01.19 16:08:02 | 000,000,334 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012.01.19 16:07:57 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.01.19 16:07:57 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.01.18 10:08:11 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.18 09:26:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.17 10:45:20 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.13 14:13:10 | 000,034,481 | ---- | C] () -- C:\Windows\MAXLINK.INI
 
========== LOP Check ==========
 
[2012.01.20 07:11:46 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\.oit
[2012.01.20 06:26:44 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\ADDISON
[2012.02.15 09:16:18 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\Foxit Software
[2012.01.26 12:10:34 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\FreePDF
[2012.01.20 06:37:40 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\GetRightToGo
[2012.01.23 12:35:25 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\KFZ-Fahrtenbuch 2
[2012.01.23 13:02:20 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\KFZ-Fahrtenbuch 2 Backup
[2012.03.22 13:47:25 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\KFZ-Fahrtenbuch 3
[2012.03.22 13:20:21 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\KFZ-Fahrtenbuch 3 Backup
[2012.01.19 11:50:52 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\Leadertech
[2012.01.20 07:05:56 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\Nuance
[2012.03.05 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\PC-FAX TX
[2012.04.17 12:20:34 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\Softland
[2012.02.02 16:48:56 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\TaskX
[2012.01.19 16:19:10 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\Windows Live Writer
[2012.03.27 17:05:50 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\Windows Small Business Server
[2012.01.20 06:41:39 | 000,000,000 | ---D | M] -- C:\Users\Claus\AppData\Roaming\Zeon
[2012.07.29 01:18:34 | 000,028,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\Claus\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:FD9CE1F3

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 30.07.2012 10:58:55 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Claus\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 13,58 Gb Available Physical Memory | 85,01% Memory free
31,95 Gb Paging File | 29,40 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213,80 Gb Total Space | 110,39 Gb Free Space | 51,63% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 741,07 Gb Free Space | 79,56% Space Free | Partition Type: NTFS
 
Computer Name: CLAUS-PC | User Name: claus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08972A51-5A2D-4839-B19E-862B5A68730C}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{0A64531E-5BEA-41D8-9FE9-7FF6E4C2BED8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A8808E3-86C8-4016-981D-C091845E2015}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1B72C68B-2454-47D0-99D2-E212794C00CC}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{1DC0C8AC-B8FF-4BD7-A5D0-656AF0440FEA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20DEF9F8-E545-4B6A-AF0C-497AEEEDBF70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{292C3169-6C48-42AF-935D-67D223337EE3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2B09BAEC-0F27-44C8-B644-CB3547B4CC91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2C18D0AF-7C59-4E30-AFD5-07AB8FA17A43}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2C1B3A61-6A77-4247-90E2-D1D42A6B58E5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{2E407AE1-D015-48C2-B515-D72F8B4346E0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2E9A18FE-EE48-4603-9238-32B97E5CE915}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3C69C7C8-AD4D-454D-B96C-5D4435578C1B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{44D09781-B193-4A7C-92DA-A1B7871D0807}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46129614-25B2-4D83-A4EA-653A043A9DEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49111870-A1D7-436C-9060-1524042B6917}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{51EC9A22-3CE8-4D52-813D-3959153E4895}" = lport=445 | protocol=6 | dir=in | app=system | 
"{53AC30C4-2A5A-41FC-BDFB-3254A202E06B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{588D0544-82ED-4A66-9DBE-73326076B310}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{59995EEF-9605-442C-8D70-B2EC7033E8D5}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{59AC06C8-F6A4-48B6-91F0-B8493986BA01}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5E5EA7A2-B635-4F3B-83C3-026E1B784E7C}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{6C1E01AA-9A37-40DC-A05F-21FF9CBB02EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6CE0C86D-F75C-4343-8991-F46997A8998D}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{6D2403A7-CB07-4BD7-83F5-A165E2E95953}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7416EBA9-1017-4A6E-9991-D1890396523C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{793FF786-BB90-478B-841A-9570B217D083}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7CE1BCED-951D-4E80-BBB6-99C3A84EC69C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7DBC9B8F-B86D-48AB-AE5C-687908CAF9F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{80336F65-05EB-4C80-8490-04F7261CB912}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{807FB2F1-E551-4142-923C-7D2DD8A6B2C7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8F046646-2A30-4390-A5EC-ACD2F997B87A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9BCD023F-F481-4D03-936D-2984EF311F45}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9D73DA1C-31D3-42FB-8C0D-9914E9420EFB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A51C8C25-1789-42E4-BECD-6FCD88BAD406}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{BD4B6DA1-3ED7-40E9-8455-6B4EA5B87644}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0927D24-DE0C-4EAA-837E-15B2835B0E8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CAD383CF-8EAF-4EE2-9CD2-0568511F75C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CD0406C6-6916-47F7-A55B-364CA300ED90}" = rport=137 | protocol=17 | dir=out | app=system | 
"{CDF1D7F9-4E4D-4C7F-9F8B-4678B0C43863}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D28391CF-AA5F-4E34-8FA9-75D2B0BE8E89}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{D29D175C-D39B-441D-8E57-1EE0141D0C15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6AD7AEE-7C3B-4E97-B67A-60C349744251}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D8E7C64A-5768-4B01-8D6C-AEE7159BD75F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{EA9399DE-0687-4BCC-A671-21148E3E6D01}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{EAE9B2B0-D112-44CD-A9FE-1B1953512606}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC3DB94D-4D8C-49EB-A435-CD5600C52463}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EDE8588F-6736-4E53-ACE2-A943D3154166}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F4D6BF9D-09FF-4466-8E73-E498914055E4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F75438C1-D1E8-47DE-86F3-A04425026342}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA2B2F9B-2286-4F9E-87BD-0F88EFDB02D1}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{FEFA5F8F-B773-4D0C-B651-0D1A26D10542}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C5DDBF-8307-4362-B014-F38AC5A811B8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{05DE8C74-BF42-4684-A32E-F1D464CFBCE9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0C346A04-7A8A-415A-851E-71ABB5A384DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{112F1CD4-4AE1-49CF-9C6F-E18051425723}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{14B484CC-5396-48E1-BB8F-79834769E6C2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1D2981BC-319C-4302-8CE8-AEAF0497C2B9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{20379740-4A36-4F36-A8B4-CB449F982DE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2153A824-3182-4153-AE3D-0DE73FE4652B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{227CE4E7-725C-4096-8FC3-29849A9D4FE1}" = protocol=47 | dir=in | app=system | 
"{24A1D7D6-847B-4A3D-970E-CD4121ECBCA2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{269896B0-739C-4401-91B1-8E3A419846E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2CD70804-88DE-4927-BB9E-04E4C796B559}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{2DE9A687-3F62-4111-B5AF-D1633164FB16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3124185D-41B5-4C2B-AAAE-FFB4B087BDED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{342360C6-9808-4809-98EA-93E22B56D991}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{381B63E7-9238-4723-8BDC-9F8086139E89}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08i\faxrx.exe | 
"{3E0CB6B7-D54B-4476-82AC-C19B75708A24}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{48C946F3-37EB-403F-B383-F0549714C2CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4F532097-CB79-4458-9337-493353702A8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52B855A4-109C-4631-AD59-831791BFD1A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{560DB75E-5A94-4F3A-8506-504847307F21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{59BB6840-4CC7-445E-8B5B-078353A93398}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{641E26FA-4CF7-4215-A98E-679E81529B08}" = dir=in | app=c:\program files (x86)\avira\avira security management center agent\agent.exe | 
"{65A2E85B-1893-46E1-A1EE-3C7D9AD0C07F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{6A3038D8-C9A8-4519-88C9-5048370C3E9E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6AF71AB8-FA7F-46E4-801A-48157A1E2076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E16BF28-54F0-43CA-AAE4-952FD601E0E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F113E89-76E1-446A-9314-3BBBB9C87D8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{78D80794-C67A-4716-9CC5-D365264DF1C7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8293122A-F545-4CE0-BDE6-EAEE078B23E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B6245A1-E876-4A61-9CEB-BFB19C114F49}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08i\faxrx.exe | 
"{8DB4C241-1F33-43E7-B51E-04844201C050}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{97100923-6275-4C38-944A-F356DC23E5B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{98858B41-B263-4238-9B08-9F2E2588BD44}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{AADE04F8-4668-48A6-A4C7-CBA5F35EF645}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{ABDDDB15-AA60-41BE-B3C6-FF5350F004FD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{AC8E2B26-2593-4866-B175-5C3F7BAB322F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B3B04750-87B7-4E64-81C2-0E212ED7BC34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4AA62EC-82DA-4AC0-BBB9-FB7BDE39758B}" = protocol=6 | dir=out | app=system | 
"{CC3E5A92-05AF-40D6-BEFE-4A34C5FBCA43}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC5A93C9-DACC-43B8-91CC-7E972A0BB3A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E14F4AC4-E2BA-4C95-ADC2-AA2577DB936A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E2F5339D-15E0-453C-990F-7A8329778660}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9FFF986-0626-4C24-96E2-5A6B6CA338B8}" = protocol=47 | dir=out | app=system | 
"{EF73FB60-0931-493F-8035-E8F3120D0C9D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7456A32-E397-4635-803E-CDB94B8DB99D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FD061F61-6EE3-4F36-ACE8-88BD2D9AEEA6}" = protocol=6 | dir=out | app=system | 
"{FEFA1109-9C65-4AEF-B2FE-414546597B30}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"TCP Query User{024107D4-1533-4FC2-A90E-53056BFD3C0B}C:\program files (x86)\microsoft office\office14\outlook.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"TCP Query User{D9B45540-2C31-4DE3-9F92-07D149EE8A0D}C:\program files\microsoft office\office14\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"UDP Query User{A54B1743-10FD-4D14-B44B-398ACABE0D0A}C:\program files (x86)\microsoft office\office14\outlook.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"UDP Query User{EE26A8B5-C141-42CC-9363-EB142E9D2616}C:\program files\microsoft office\office14\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4241.14593 powered by OfficeDrop
"{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}" = Windows Small Business Server 2011 Standard ClientAgent
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite MFC-8370DN
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{123DE6D6-9566-4777-AC81-E6D86FFA95DA}" = HL-4570CDW
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3BF040FC-632F-432B-919E-91EE66F24644}" = KFZ-Fahrtenbuch 3
"{3CCF8C49-DD7B-4DDC-95C5-1F24648427EF}" = KFZ-Fahrtenbuch 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7884A50C-47D3-4F51-B187-CD6DE873B2F0}" = Nuance PaperPort 14
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C0B72E1E-A9D3-4D73-8DA0-ADF8550AD3A8}" = Fahrtenbuch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}" = Avira Management Console Agent
"{F7A8377A-3062-43B8-94F4-4E30EA43A9E9}" = Windows Small Business Server 2011 Standard WMI Provider
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Professional Security
"e-Anmeldevordruck 2012" = ewMedien e-Anmeldevordruck
"Euro-Reisekosten 2012" = Euro-Reisekosten 2012 (remove only)
"Foxit Reader_is1" = Foxit Reader 5.1
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HANDWERK" = ADDISON Handwerk Version 7.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiMon TaskBar_is1" = MultiMon TaskBar PRO 3.5 (Trial)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"WinLiveSuite" = Windows Live Essentials
"Zeiterfassung_is1" = Bee In Time Version 4.0
"ZVEH Prüfbericht_is1" = ZVEH Prüfbericht 8F03
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.07.2012 08:00:21 | Computer Name = Claus-PC.wenzel.local | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x76f1dfe4]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 20.07.2012 15:01:07 | Computer Name = Claus-PC.wenzel.local | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x76f1dfe4]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 21.07.2012 04:00:19 | Computer Name = Claus-PC.wenzel.local | Source = Avira Antivirus | ID = 4129
Description = Das Update von CLAUS-PC (192.168.8.13) ist fehlgeschlagen.  Das Engine/VDF
 Set konnte nicht validiert werden. .  Es wurden keine neuen Dateien geladen.
 
Error - 21.07.2012 15:01:12 | Computer Name = Claus-PC.wenzel.local | Source = Avira Antivirus | ID = 4129
Description = Das Update von CLAUS-PC (192.168.8.13) ist fehlgeschlagen.  Das Engine/VDF
 Set konnte nicht validiert werden. .  Es wurden keine neuen Dateien geladen.
 
Error - 22.07.2012 04:00:06 | Computer Name = Claus-PC.wenzel.local | Source = Avira Antivirus | ID = 4129
Description = Das Update von CLAUS-PC (192.168.8.13) ist fehlgeschlagen.  Das Engine/VDF
 Set konnte nicht validiert werden. .  Es wurden keine neuen Dateien geladen.
 
Error - 22.07.2012 05:35:03 | Computer Name = Claus-PC.wenzel.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_wuauserv, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x134  Startzeit der fehlerhaften Anwendung: 0x01cd64e5ac899b64
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 832f422c-d3e0-11e1-b6f1-002683163113
 
Error - 22.07.2012 05:35:05 | Computer Name = Claus-PC.wenzel.local | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.07.2012 05:35:05 | Computer Name = Claus-PC.wenzel.local | Source = PerfNet | ID = 2005
Description = 
 
Error - 22.07.2012 12:55:10 | Computer Name = Claus-PC.wenzel.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_wuauserv, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: msi.dll, Version: 5.0.7601.17514,
 Zeitstempel: 0x4ce7c800  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000001f1f96
ID
 des fehlerhaften Prozesses: 0x9c4  Startzeit der fehlerhaften Anwendung: 0x01cd67ed4675838c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\msi.dll  Berichtskennung: fedc5914-d41d-11e1-b6f1-002683163113
 
Error - 23.07.2012 03:36:15 | Computer Name = Claus-PC.wenzel.local | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.07.2012 01:08:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 23.07.2012 01:09:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 23.07.2012 01:10:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 23.07.2012 01:11:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 23.07.2012 01:12:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 23.07.2012 01:13:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 23.07.2012 01:14:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 23.07.2012 01:15:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 23.07.2012 01:16:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
Error - 23.07.2012 01:17:37 | Computer Name = Claus-PC.wenzel.local | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Winmgmt erreicht.
 
 
< End of report >
         
Über Eure Hilfe würde ich mich sehr freuen !

Gruss Claus

is there anybody out there who can help me?

Ich getraue mich garnicht mehr, mich an unserem Firmennetz anzumelden, bis ich Gewissheit habe.

THX !

is there anybody out there who can help me?

Ich getraue mich garnicht mehr, mich an unserem Firmennetz anzumelden, bis ich Gewissheit habe.

THX !

Jemand eine Idee oder kann mir Info oder Hilfe geben?

Gruß Claus
__________________


Antwort

Themen zu GVU Trojaner mit Webcam Win 7 64bit
64bit, aktiviert, aufsetzen, avira, datei, dateien, eingefangen, einträge, firewalls, gefangen, gen, heute, kaspersky, laufen, locker, malwarebytes, neu, neu aufsetzen, nichts, samstag, schonmal, system, troja, trojaner, unlocker, webcam, win, win 7 64bit



Ähnliche Themen: GVU Trojaner mit Webcam Win 7 64bit


  1. GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (3)
  2. GVU-Trojaner mit Webcam Bild auf WIN7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 15.05.2013 (10)
  3. GVU Trojaner mit Webcam
    Log-Analyse und Auswertung - 20.01.2013 (17)
  4. GVU-Trojaner 2.04 (mit Webcam)
    Log-Analyse und Auswertung - 29.12.2012 (1)
  5. GVU Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 16.12.2012 (1)
  6. GVU Trojaner mit Webcam
    Log-Analyse und Auswertung - 11.11.2012 (3)
  7. GVU Trojaner+Webcam Wind7 64Bit, kann einer helfen?
    Log-Analyse und Auswertung - 06.11.2012 (1)
  8. Polizei Virus Östrreich mit webcam, Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (10)
  9. GVU-Trojaner mit Webcam
    Log-Analyse und Auswertung - 03.09.2012 (14)
  10. Win7 home pre 64bit mit gvu trojaner mit webcam
    Log-Analyse und Auswertung - 31.07.2012 (4)
  11. GVU Trojamer mit Webcam - Win7 64bit
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (22)
  12. Webcam-Trojaner / Windows 7 (64bit) / Explorer wird nach Start beendet
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (11)
  13. GVU-Trojaner 2.07 mit Webcam-Bild sperrt mein System Win 7 64bit
    Log-Analyse und Auswertung - 20.07.2012 (8)
  14. GVU Trojaner mit Webcam
    Log-Analyse und Auswertung - 20.07.2012 (9)
  15. GVU Trojaner mit Webcam - Windows7 Pro. 64bit
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (23)
  16. BKA-Trojaner mit Webcam / Win 7 Home Premium 64bit
    Log-Analyse und Auswertung - 13.07.2012 (13)
  17. GVU Trojaner mit Webcam
    Log-Analyse und Auswertung - 09.07.2012 (3)

Zum Thema GVU Trojaner mit Webcam Win 7 64bit - Hallo Zusammen ich habe mir am Samstag den GVU TRojaner eingefangen, obwohl auf meinem PC AVIRA läuft und ich 2 Firewalls in Reihe davor geschaltet habe. Nach Recherche im Netz - GVU Trojaner mit Webcam Win 7 64bit...
Archiv
Du betrachtest: GVU Trojaner mit Webcam Win 7 64bit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.