
Pests of all kinds and how to combat them: Another case of "Mail delivery failed: returning message to sender"

10.10.2012, 00:23   #1
Pill3
 



Hello forum,

it now seems to have hit my web.de address as well.
For a few days I have been getting loads of the following, sent from and to web.de:



This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

"genna0412@mail.ru":
SMTP error from remote server after transfer of mail text:
host: mxs.mail.ru
spam message rejected. Please visit hxxp://mail.ru/notspam/abuse?c=428wVMAr-jeKaXvEoBmHjZTQqGxUq-cBdlLMdZgFf20jNOiZeI8RjgYAAABDLQAAb66IDA~~ or report details to abuse@corp.mail.ru. Error code: 54306FE337FA2BC0C47B698A8D8719A06CA8D09401E7AB5475CC52766D7F059899E834238E118F78. ID: 0000000600002D430C88AE6F.


--- The header of the original message is following. ---

Received: from web.de ([180.210.205.73]) by smtp.web.de (mrweb102) with ESMTPA
(Nemesis) id 0LfzxX-1TjAuN1TgZ-00pb9y for <genna0412@mail.ru>; Mon, 08 Oct
2012 05:46:53 +0200
Date: Mon, 8 Oct 2012 11:46:46 +0400
From: =?windows-1251?Q?Violetta_Trushevskaya?= <pilleeichi@web.de>
Organization: uijdzbfdrpwpk
X-Priority: 3 (Normal)
Message-ID: <1119029615.20121008114646@web.de>
To: genna0412@mail.ru
Subject: =?windows-1251?Q?drasti_miliy_=21_?=
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 8bit
X-Provags-ID: V02:K0:t+o+u3gEs5h9ScouYOGnpsPx7/U15x8A3oc4pqfI8SY
nPCwSN9FqzjKXIf1+xcLigb3XMX+/7F2s4zRy/n910T/NFPIcT
VSoFnu1s/mf3QJUJVG1yBTV0Z2OgToQnlC1KWWGC+Pc3VScJhM
oGiDAiQwp5EwZfba+B+D7Mb8X6Uj/RM16pJiTVw8Ids7Gta7HE
4GFzmetDCjvaZN5A7WYog==




A few isolated ones have "@list.ru" instead of "@mail.ru".

I ran Malwarebytes Anti-Malware and OTL, with the following results:

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.08.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

09.10.2012 17:30:11
mbam-log-2012-10-09 (18-48-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 505852
Laufzeit: 1 Stunde(n), 17 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
E:\Mail_in\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Keine Aktion durchgeführt.

(Ende)
         
OTL:
Code:
OTL logfile created on: 09.10.2012 21:43:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pille\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 32,74% Memory free
10,00 Gb Paging File | 6,32 Gb Available in Paging File | 63,24% Paging File free
Paging file location(s): c:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,85 Gb Total Space | 4,84 Gb Free Space | 11,86% Space Free | Partition Type: NTFS
Drive D: | 115,29 Gb Total Space | 8,53 Gb Free Space | 7,40% Space Free | Partition Type: NTFS
Drive E: | 440,03 Gb Total Space | 45,30 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: Pille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Pille\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Napster 5\Napster 5.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Pille\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Programme\BOINC DATA\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.40_windows_intelx86 (New York University Center For Comparative Functional Genomics in collaboration with the University of Washington and IBM Corporation)
PRC - D:\Programme\BOINC DATA\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.40_windows_intelx86 (The Scripps Research Institute and IBM Corporation)
PRC - D:\Programme\BOINC DATA\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.42_windows_intelx86 ()
PRC - D:\Programme\BOINC DATA\projects\www.worldcommunitygrid.org\wcg_hfcc_autodock_6.40_windows_intelx86 (The Scripps Research Institute and IBM Corporation)
PRC - D:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - D:\Programme\Cobian Backup 10\cbInterface.exe (Luis Cobian, CobianSoft)
PRC - d:\Programme\Cobian Backup 10\cbService.exe (Luis Cobian, CobianSoft)
PRC - D:\Programme\Mozilla Sunbird\sunbird.exe (Mozilla)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Pille\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Pille\AppData\Local\Temp\sfareca00001.dll ()
MOD - c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll ()
MOD - c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
MOD - D:\Programme\Napster 5\Napster 5.exe ()
MOD - D:\Programme\BOINC DATA\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.42_windows_intelx86 ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- D:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (CobianBackup10) -- d:\Programme\Cobian Backup 10\cbService.exe (Luis Cobian, CobianSoft)
SRV - (cbVSCService) -- d:\Programme\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ithsgt) -- C:\Windows\SysNative\drivers\ithsgt.sys ()
DRV:64bit: - (lilsgt) -- C:\Windows\SysNative\drivers\lilsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (s117unic) -- C:\Windows\SysNative\drivers\s117unic.sys (MCCI Corporation)
DRV:64bit: - (s117obex) -- C:\Windows\SysNative\drivers\s117obex.sys (MCCI Corporation)
DRV:64bit: - (s117nd5) -- C:\Windows\SysNative\drivers\s117nd5.sys (MCCI Corporation)
DRV:64bit: - (s117mdm) -- C:\Windows\SysNative\drivers\s117mdm.sys (MCCI Corporation)
DRV:64bit: - (s117mgmt) -- C:\Windows\SysNative\drivers\s117mgmt.sys (MCCI Corporation)
DRV:64bit: - (s117mdfl) -- C:\Windows\SysNative\drivers\s117mdfl.sys (MCCI Corporation)
DRV:64bit: - (s117bus) -- C:\Windows\SysNative\drivers\s117bus.sys (MCCI Corporation)
DRV:64bit: - (tap0801) -- C:\Windows\SysNative\drivers\tap0801.sys (The OpenVPN Project)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1931835600-3465660405-1110096234-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-1931835600-3465660405-1110096234-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1931835600-3465660405-1110096234-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1931835600-3465660405-1110096234-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 D1 85 2B 06 6B CA 01  [binary data]
IE - HKU\S-1-5-21-1931835600-3465660405-1110096234-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1931835600-3465660405-1110096234-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1931835600-3465660405-1110096234-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-1931835600-3465660405-1110096234-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: FF_AddOn@viewtubes.de:3.2.0
FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac"
FF - prefs.js..network.proxy.backup.ftp: "173.190.218.30"
FF - prefs.js..network.proxy.backup.ftp_port: 16379
FF - prefs.js..network.proxy.backup.socks: "173.190.218.30"
FF - prefs.js..network.proxy.backup.socks_port: 16379
FF - prefs.js..network.proxy.backup.ssl: "173.190.218.30"
FF - prefs.js..network.proxy.backup.ssl_port: 16379
FF - prefs.js..network.proxy.ftp: "96.3.178.103"
FF - prefs.js..network.proxy.ftp_port: 23112
FF - prefs.js..network.proxy.http: "96.3.178.103"
FF - prefs.js..network.proxy.http_port: 23112
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "96.3.178.103"
FF - prefs.js..network.proxy.socks_port: 23112
FF - prefs.js..network.proxy.ssl: "96.3.178.103"
FF - prefs.js..network.proxy.ssl_port: 23112
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010.04.17 22:23:04 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: d:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010.04.17 22:23:04 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: d:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.09.11 11:15:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 09:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: d:\Programme\Mozilla Firefox\components [2012.09.09 20:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: d:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: D:\Programme\Mozilla Sunbird\components [2010.04.14 00:47:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: D:\Programme\Mozilla Sunbird\plugins [2011.05.04 21:08:44 | 000,000,000 | ---D | M]
 
[2012.09.09 20:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pille\AppData\Roaming\mozilla\Extensions
[2012.09.16 23:27:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pille\AppData\Roaming\mozilla\Firefox\Profiles\fdypsb4v.default\extensions
[2012.09.16 23:27:52 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Pille\AppData\Roaming\mozilla\Firefox\Profiles\fdypsb4v.default\extensions\ich@maltegoetz.de
[2012.10.09 19:05:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pille\AppData\Roaming\mozilla\Sunbird\Profiles\0im0evx5.default\extensions
[2009.11.21 01:23:19 | 000,000,000 | ---D | M] (Provider for Google Calendar) -- C:\Users\Pille\AppData\Roaming\mozilla\Sunbird\Profiles\0im0evx5.default\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
[2009.12.30 19:56:15 | 000,000,000 | ---D | M] (.vcs Support) -- C:\Users\Pille\AppData\Roaming\mozilla\Sunbird\Profiles\0im0evx5.default\extensions\{efcbec50-6821-11db-bd13-0800200c9a66}
[2009.11.08 02:48:44 | 000,000,000 | ---D | M] (MyPhoneExplorer) -- C:\Users\Pille\AppData\Roaming\mozilla\Sunbird\Profiles\0im0evx5.default\extensions\myphoneexplorer@fjsoft.at
[2012.09.13 23:42:52 | 000,012,042 | ---- | M] () (No name found) -- C:\Users\Pille\AppData\Roaming\mozilla\firefox\profiles\fdypsb4v.default\extensions\FF_AddOn@viewtubes.de.xpi
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [boincmgr] D:\Programme\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [boinctray] D:\Programme\BOINC\boinctray.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cobian Backup 10 Interface] D:\Programme\Cobian Backup 10\cbInterface.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1931835600-3465660405-1110096234-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Pille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pille\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Pille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sunbird.exe.lnk = D:\Programme\Mozilla Sunbird\sunbird.exe (Mozilla)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A82592-84EC-4E7A-A6D9-DACF6713082C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{67520250-1e6c-11e0-bab6-001d929b85e8}\Shell - "" = AutoRun
O33 - MountPoints2\{67520250-1e6c-11e0-bab6-001d929b85e8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{705d1025-d756-11de-b0f0-001d929b85e8}\Shell - "" = AutoRun
O33 - MountPoints2\{705d1025-d756-11de-b0f0-001d929b85e8}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{cc7703fc-809d-11e0-9db4-001d929b85e8}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7703fc-809d-11e0-9db4-001d929b85e8}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{e76824c8-1d83-11df-8685-001d929b85e8}\Shell - "" = AutoRun
O33 - MountPoints2\{e76824c8-1d83-11df-8685-001d929b85e8}\Shell\AutoRun\command - "" = "J:\Adobe CS5\Set-up.exe"
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.09 21:40:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pille\Desktop\OTL.exe
[2012.10.09 01:22:49 | 000,000,000 | ---D | C] -- C:\Users\Pille\AppData\Roaming\Malwarebytes
[2012.10.09 01:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.09 01:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.09 01:22:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.09 01:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.09 01:22:04 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Pille\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.26 07:35:13 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.23 13:21:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc
[2012.09.23 11:25:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.23 11:25:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.23 11:25:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.23 11:25:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.23 11:25:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.23 11:25:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.23 11:25:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.23 11:25:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.23 11:25:36 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.23 11:25:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.23 11:25:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.23 11:25:36 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.23 11:25:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.23 11:25:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.23 11:25:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.12 10:52:44 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 10:52:44 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.12 10:52:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.12 10:52:43 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.11 11:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.09.11 00:22:14 | 000,000,000 | ---D | C] -- C:\Users\Pille\Documents\SEGA
[2012.09.10 01:54:50 | 000,000,000 | ---D | C] -- C:\Users\Pille\Desktop\Gesa_21_Infiltrator_120612_4f393a9
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.09 21:40:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pille\Desktop\OTL.exe
[2012.10.09 19:02:31 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 19:02:31 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.09 18:55:03 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.10.09 18:54:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.09 18:54:51 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 18:54:13 | 000,000,020 | ---- | M] () -- C:\Users\Pille\defogger_reenable
[2012.10.09 18:51:03 | 097,008,497 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.10.09 01:22:37 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.09 01:22:13 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Pille\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.08 23:04:54 | 001,565,939 | ---- | M] () -- C:\Users\Pille\Desktop\Unbenannt-1.jpg
[2012.10.06 11:17:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.09.30 23:17:27 | 001,492,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.30 23:17:27 | 000,651,996 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.30 23:17:27 | 000,614,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.30 23:17:27 | 000,129,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.30 23:17:27 | 000,105,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.30 17:52:59 | 000,503,057 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.09.29 02:57:02 | 000,000,212 | ---- | M] () -- C:\Users\Pille\Desktop\XCOM Enemy Unknown Demo.url
[2012.09.23 14:38:30 | 000,000,079 | ---- | M] () -- C:\Users\Pille\AppData\Local\CrystalDiskMark30.ini
[2012.09.12 23:43:48 | 000,000,209 | ---- | M] () -- C:\Users\Pille\Desktop\Portal 2.url
[2012.09.12 11:24:58 | 000,000,210 | ---- | M] () -- C:\Users\Pille\Desktop\S.T.A.L.K.E.R. Shadow of Chernobyl.url
 
========== Files Created - No Company Name ==========
 
[2012.10.09 18:54:12 | 000,000,020 | ---- | C] () -- C:\Users\Pille\defogger_reenable
[2012.10.09 01:22:37 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.08 23:04:51 | 001,565,939 | ---- | C] () -- C:\Users\Pille\Desktop\Unbenannt-1.jpg
[2012.09.29 02:57:02 | 000,000,212 | ---- | C] () -- C:\Users\Pille\Desktop\XCOM Enemy Unknown Demo.url
[2012.09.23 14:35:19 | 000,000,079 | ---- | C] () -- C:\Users\Pille\AppData\Local\CrystalDiskMark30.ini
[2012.09.12 23:43:48 | 000,000,209 | ---- | C] () -- C:\Users\Pille\Desktop\Portal 2.url
[2012.09.12 11:24:58 | 000,000,210 | ---- | C] () -- C:\Users\Pille\Desktop\S.T.A.L.K.E.R. Shadow of Chernobyl.url
[2012.07.23 02:33:16 | 000,001,456 | ---- | C] () -- C:\Users\Pille\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.11.27 22:51:13 | 000,000,478 | ---- | C] () -- C:\Users\Pille\AppData\Roaming\GPU Monitor_Settings.ini
[2011.11.10 04:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.11.05 13:43:26 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011.11.05 13:43:26 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011.11.05 13:43:26 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011.11.05 13:43:26 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011.11.05 13:43:26 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011.09.30 00:49:57 | 001,589,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.22 18:03:53 | 000,000,000 | ---- | C] () -- C:\Users\Pille\AppData\Local\{752C8005-72D3-41A2-8ED7-D8DA4D677E44}
[2011.01.31 14:56:01 | 000,001,655 | ---- | C] () -- C:\Users\Pille\AppData\Roaming\SvcTraceViewer.exe.settings
[2011.01.21 16:59:34 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2010.12.30 22:16:16 | 000,033,937 | ---- | C] () -- C:\Windows\scunin.dat
[2010.09.12 13:41:47 | 000,001,031 | ---- | C] () -- C:\Users\Pille\AppData\Roaming\ShiftN.ini
[2010.08.03 01:23:41 | 000,007,680 | ---- | C] () -- C:\Users\Pille\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.24 23:53:04 | 000,000,118 | ---- | C] () -- C:\Users\Pille\AppData\Local\Config_4E29823E.dat
[2010.01.24 23:53:04 | 000,000,036 | ---- | C] () -- C:\Users\Pille\AppData\Local\Index_4E29823E.dat
[2009.12.24 01:13:26 | 000,007,604 | ---- | C] () -- C:\Users\Pille\AppData\Local\Resmon.ResmonCfg
[2009.11.21 00:47:18 | 000,002,528 | ---- | C] () -- C:\Users\Pille\AppData\Roaming\$_hpcst$.hpc
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2009.11.22 12:47:14 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Acronis
[2010.07.18 12:57:09 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\aicon
[2012.02.04 18:37:55 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Auslogics
[2012.01.26 15:24:46 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\AVG2012
[2010.01.01 16:48:58 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Azureus
[2012.03.29 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\com.Rhapsody.Napster5
[2010.08.09 01:55:35 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\cPicture
[2009.12.04 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Cuttermaran
[2010.02.28 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\DAEMON Tools
[2010.01.01 22:06:42 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\DAEMON Tools Lite
[2009.12.26 13:19:54 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\DeepBurner
[2012.02.20 20:05:30 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\DesktopIconForAmazon
[2012.10.09 21:25:09 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Dropbox
[2011.12.20 01:41:06 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\DVDVideoSoft
[2011.12.20 01:40:58 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.02 01:32:41 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\eFMer
[2010.02.23 01:12:05 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\EPSON
[2012.08.14 01:00:31 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\JAM Software
[2012.02.12 19:53:45 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Kalypso Media
[2011.09.28 10:59:46 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Lexware
[2009.11.21 14:27:39 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\ML
[2011.11.01 13:52:48 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\MOGware, Inc
[2012.01.27 01:31:13 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Mp3tag
[2012.04.17 19:04:04 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\MusicBrainz
[2009.11.21 18:15:59 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\MyPhoneExplorer
[2012.08.30 12:49:51 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Opera
[2012.08.29 12:02:46 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Origin
[2010.02.20 00:50:28 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\PacificPoker
[2009.11.20 23:57:25 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\PC Suite
[2010.10.15 11:19:34 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\QIP
[2010.11.14 15:11:03 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Samsung
[2011.12.08 17:54:46 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.06.27 00:13:33 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\SteelSeries Xai
[2010.11.28 22:54:40 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Systweak
[2011.10.11 23:40:16 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Ubisoft
[2011.12.04 15:00:32 | 000,000,000 | ---D | M] -- C:\Users\Pille\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7631EA83

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 09.10.2012 21:43:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pille\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 32,74% Memory free
10,00 Gb Paging File | 6,32 Gb Available in Paging File | 63,24% Paging File free
Paging file location(s): c:\pagefile.sys 6142 6142 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,85 Gb Total Space | 4,84 Gb Free Space | 11,86% Space Free | Partition Type: NTFS
Drive D: | 115,29 Gb Total Space | 8,53 Gb Free Space | 7,40% Space Free | Partition Type: NTFS
Drive E: | 440,03 Gb Total Space | 45,30 Gb Free Space | 10,30% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: Pille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe\Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "d:\Programme\CEWE COLOR\FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "d:\Programme\CEWE COLOR\FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "d:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe\Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "d:\Programme\CEWE COLOR\FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "d:\Programme\CEWE COLOR\FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "d:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03BF3EB3-3282-4BFA-B8AB-5109B4F27FE1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{04E5E58E-C53D-4AF5-ABC3-1E979C4D70FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0D724183-F593-4EDB-A422-0BBC6585F09C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{17126863-7484-4701-834E-505078CB19A3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1B4E3875-73D0-477A-862A-848F2E234A04}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1C9B22C3-746E-4177-A2C0-D3940B3EF2E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{26105809-C47A-4285-B595-AB819BAFAE14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3BE0375E-80BB-4D1D-9101-171792F726CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A643558-4B52-432B-9FED-B9076B670F38}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5A9929A9-FC4B-4365-94D2-ADF6FA33CF32}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{622A68FB-96AA-4197-868D-6089644C6D39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{673226B7-648D-4426-8129-706AB71C3CCD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{838F9F36-BE21-4E28-8468-C1E91D9BE943}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8471CFCD-E4CC-4300-92C0-C9DFD3A23226}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8B3F1443-4AC0-4A89-B800-D5D9B538ADA1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8CEC30E5-EDAE-4BBC-B97D-97429DAEB289}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | 
"{9879ADDD-67DA-4CCD-8020-B81E3788DC42}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9890C982-03BC-4270-A24A-0C8B6469B855}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{989B5877-15F3-4F69-92EB-E3C5F20C3C69}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A6779F43-2748-4A2C-BB1B-D4D3526A6431}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B47DB911-706B-439D-B14B-E89CB6E4B2F5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B597E769-22B9-49A8-97C3-3568B5357686}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B8C20AFF-EC23-413F-8D47-84DB678096A7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C822EA41-D7DD-4D5E-9369-576BCE7B29FC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D00CBC74-0ADF-4031-BF4E-3CBBAEE3D1B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA05CEAE-93FE-4AF9-9B67-82F23E4404F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E8C9A929-FD54-418B-B2DB-4C87F9830815}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB0616B4-FF45-4A81-8260-F2B719DB0E1A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ED0CCD24-CC17-4DAC-806F-0020171AB632}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED37BE3F-8D9C-47F3-98E5-86ACA1DD184B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE77BE5B-F840-45D7-AC17-F99C91667E21}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F14AB106-192E-45A5-A2C7-5A68E245C3F5}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04052B7F-1CED-43A7-B84A-C49D785ECDB6}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe | 
"{042BAD3A-DB4E-47E9-97A5-F62E35007350}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{04E63DFF-726E-491B-9C9B-38B100967DC1}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\portal 2\portal2.exe | 
"{09C6E213-D851-4D4C-A7EE-D4B292B61177}" = protocol=17 | dir=in | app=d:\spiele\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | 
"{0A9FFCDA-996F-4330-ABCA-7FABF2614EE6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0CA388B7-7131-4C5C-8E29-CBAFA0F242F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1331AD8A-7287-4504-9A0A-78BDA227A004}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\portal 2\portal2.exe | 
"{16434E63-DCC4-4829-8B3C-CBCACAFC59FA}" = protocol=6 | dir=in | app=d:\programme\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{169FA8E1-7C77-45E3-B895-F6481D323EB7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{16A9BE05-17FA-42AC-932B-31233C428339}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1BC52C72-8E1A-4DE8-8F9D-D4C43865371E}" = protocol=17 | dir=in | app=d:\programme\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{20B3C555-F9A0-40F8-A7CA-AE901B22F830}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{2759CBDA-4FFB-4553-B22F-357CA3743C35}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\assassin's creed revelations\acrsp.exe | 
"{30CB77F2-AF8D-474C-BFFC-0CE194D6BA4D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{32AB8257-12E6-4710-ABE8-6DE0CB989036}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | 
"{3AF250AB-C7D4-4EB6-BD69-F621CC7D1209}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{44A9930B-4F3A-4CED-B0FB-8D692311E1C3}" = protocol=6 | dir=in | app=d:\programme\samsung\npsvsvr.exe | 
"{47F7111F-E41F-4B92-82B1-81CEEDFA9C13}" = protocol=6 | dir=in | app=d:\spiele\call of duty 5\codwawmp.exe | 
"{4A7394D1-CFD2-4F4D-899D-F61812BC155E}" = protocol=17 | dir=in | app=d:\spiele\call of duty 5\codwaw.exe | 
"{4CD98398-9179-43B6-81EB-D68061C6938A}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{4D61F543-53CA-405E-9081-081D3AC570B5}" = protocol=6 | dir=in | app=d:\programme\samsung\npsasvr.exe | 
"{4FB8514E-6B7B-4F22-853F-C5F0BBF0A78B}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | 
"{4FF8FEAA-C9DD-44F7-B8E6-9C171D065B42}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | 
"{52801498-AA3D-4439-89DB-9408893ED738}" = protocol=17 | dir=in | app=d:\programme\opera x64\opera.exe | 
"{53B88378-484F-4376-A1BB-08F6B6911F90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{547072D5-3CC0-4694-8452-841629ACD876}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{56133C48-BCB1-474D-9F8E-7CAF36FA6BBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{58867118-6A30-4B5A-A19C-FCCF3772FB70}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{59149081-CF50-4F5B-B81D-695F403DB454}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe | 
"{5C9CE9B8-96B7-41BD-BFBE-FD403FAB2519}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{5E1FA221-6203-470E-9154-153E33137122}" = protocol=6 | dir=in | app=d:\spiele\call of duty 5\codwaw.exe | 
"{5E9F9E8A-178F-488D-917E-85023E6B9FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{691C0C51-2349-4C0B-BD2F-4FD549962A72}" = protocol=17 | dir=in | app=d:\programme\samsung\npsvsvr.exe | 
"{6E9819DF-5BB8-4952-B93E-25084E2F0A75}" = dir=in | app=d:\programme\skype\phone\skype.exe | 
"{718BB11C-B4CB-4A97-B200-7AE1237A35B7}" = protocol=6 | dir=out | app=system | 
"{72DE592B-7E3D-456A-8A79-4D1D702282BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7531A644-04AE-4741-B948-24A4FEEB8F1B}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe | 
"{7ABAF6FF-C022-4CE1-9947-3862FDCDC96B}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\assassin's creed revelations\acrsp.exe | 
"{7FDC725E-E1E6-4B65-A225-723880F6C9C4}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | 
"{871C2753-1128-449B-9CE6-E648A4AA4D7B}" = dir=out | app=d:\programme\adobe\photoshop cs5\adobe photoshop cs5 (64 bit)\logtransport2.exe | 
"{87569B2F-7689-4D6E-BDF5-6A0723150F65}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8A90FDF9-EDBC-47AB-9CE2-CA66C0569CF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{91C22B7E-311F-4CAA-ABD7-07208814B234}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{93E59738-BCFC-4395-8712-2388BC35E219}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{961DBA26-38DF-4E30-887B-9C70165CF8A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C7BBE9B-5A93-4BD5-8855-09724DB7767F}" = protocol=17 | dir=in | app=c:\users\pille\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9F717F51-801C-45D9-9D1E-AAE57AA25036}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{9F816EDA-0AD0-4BA1-9240-EC207CF11796}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{A1760288-FA87-4CED-9C00-C68D2C878050}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A3A13F0C-429F-4DF8-8C07-03DFD08519AB}" = protocol=17 | dir=in | app=d:\programme\samsung\npsasvr.exe | 
"{A972B135-471A-4602-9FBD-81302CD5241A}" = protocol=6 | dir=in | app=d:\programme\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{ACD4E87D-C2B2-4FF8-9EE3-FA2D984DC5A7}" = protocol=17 | dir=in | app=d:\programme\samsung\npsguide.exe | 
"{ADC76708-CCEB-45C0-B86A-B5CD5CB13352}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B73467DF-BC96-41B1-B053-1ECBAE36EB6B}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\renegade ops\renegadeops.exe | 
"{B7BCE167-5E92-478E-9394-9DDF8313A534}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe | 
"{B94BE3E6-91E3-49AC-801C-95037AA6713B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{B997585C-86EB-48AE-A376-E3D357249A61}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{BBF77D71-2649-4393-9CC9-8A033DFC95C5}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{C0F67B61-56D5-4821-835F-A37448230370}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\xcom-enemy-unknown-demo\binaries\win32\xcomgame.exe | 
"{C6F8EF3F-04A8-42C6-9C3B-9695FE76CA6C}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{C8389598-821C-4289-BD16-14B9ACEE56A8}" = dir=out | app=d:\programme\adobe\photoshop cs5\adobe photoshop cs5 (64 bit)\photoshop.exe | 
"{C94E3E6C-12D5-49A7-9763-FAD47CCB77B4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{CA49C49E-3DDE-4CB1-BD24-481BDE0F9951}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\renegade ops\renegadeops.exe | 
"{CE42B98C-EAD6-4EDD-8DB2-BF0B2C582833}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D413F0BA-A777-4A50-9E28-74C3D1B8D656}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{D5D1564E-64E1-4BC3-8DFC-A4941515EF27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8957D20-5DF8-4DA4-A41D-796771B86F66}" = protocol=6 | dir=in | app=c:\users\pille\appdata\roaming\dropbox\bin\dropbox.exe | 
"{DAEBB9C1-1AD7-49CF-B959-687C9203A2DA}" = protocol=17 | dir=in | app=d:\programme\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{DCC29FE2-D132-41CD-AAF3-DFEE8C09BD46}" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\grid\grid.exe | 
"{DFF8A626-B3F9-4159-A1DD-8E813701D8AF}" = protocol=17 | dir=in | app=d:\spiele\call of duty 5\codwawmp.exe | 
"{E3B36DBC-8FDC-4714-A144-5FB9B379E05D}" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\grid\grid.exe | 
"{E53B677D-1FC7-46AF-A6CD-59706CA59410}" = protocol=6 | dir=in | app=d:\spiele\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe | 
"{E76E3C1C-CD51-42E2-B135-0BC491F7D061}" = protocol=6 | dir=in | app=d:\programme\samsung\npsguide.exe | 
"{E7C363B7-6266-420B-8CBC-CB50A6D6A3F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED9900C0-4011-44E5-BC12-4A0DFB4DF2FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{EDC297E5-0FB8-4E22-B46D-83A716BAD399}" = protocol=6 | dir=in | app=d:\programme\opera x64\opera.exe | 
"{F32D0DDB-0C9B-40B7-8638-97D930306358}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F4E0816B-C205-498F-B5FA-785E26B3CAC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF0BE6CE-4B18-4D74-92FD-EA096514FFE1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"TCP Query User{0C69500A-884C-4F88-87D0-10CAE1174FA2}D:\programme\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=d:\programme\musicbrainz picard\picard.exe | 
"TCP Query User{2906D72A-1E78-4382-B341-6BF48D4E0B35}D:\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{2974E429-B758-4ADD-81EC-9F715264AC94}D:\programme\samsung\npsdmpplayer.exe" = protocol=6 | dir=in | app=d:\programme\samsung\npsdmpplayer.exe | 
"TCP Query User{43BF5DE5-816A-46E4-A334-92932D359E35}D:\programme\qip\qip.exe" = protocol=6 | dir=in | app=d:\programme\qip\qip.exe | 
"TCP Query User{495DC0C4-8C9C-4E03-88CF-D0372BE83055}D:\spiele\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{80D1F695-0670-41DB-B7CF-AA8F43D43613}C:\users\pille\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\pille\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{9F1BDC67-F0FD-4B8A-9740-A23ADEB48E38}\\***\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=\\***\spiele\flatout2\flatout2.exe | 
"TCP Query User{B8443AE4-70DC-462D-8497-99525EECE22C}D:\spiele\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires ii\age2_x1.exe | 
"TCP Query User{CE4BE159-53AF-4644-B8C7-0926D3A307D0}D:\programme\steam\steamapps\common\assassin's creed revelations\acrpr.exe" = protocol=6 | dir=in | app=d:\programme\steam\steamapps\common\assassin's creed revelations\acrpr.exe | 
"TCP Query User{D03BF8EC-0092-46E9-80ED-A5E49CC90715}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E1F19C63-72AC-4226-8BF8-6B25D5991E60}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{E70F4D2A-1CDF-44A6-B7E9-68E6F904FBB2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{EBFDF0C6-804F-47AA-954A-69EFCA9E9591}D:\programme\emule\emule.exe" = protocol=6 | dir=in | app=d:\programme\emule\emule.exe | 
"TCP Query User{F7661099-BF0B-41C0-BE38-4FAB28DE8389}D:\programme\qip\qip.exe" = protocol=6 | dir=in | app=d:\programme\qip\qip.exe | 
"UDP Query User{0C496F0E-9485-44C9-A5A0-56FE3C010F17}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{2F6E25E6-FB73-4B2A-B1AD-C87DD1172F4C}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{3904F8BF-9960-4B6A-B8ED-FE8D6CA5C949}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{4C26BD5C-16E9-4499-9E5A-C3F673C4AD87}D:\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{612B149E-F68F-494A-912B-3FF7702F8DC0}D:\spiele\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires ii\age2_x1.exe | 
"UDP Query User{618D0430-7291-4AD8-95C3-ED81E76E2CFE}D:\programme\steam\steamapps\common\assassin's creed revelations\acrpr.exe" = protocol=17 | dir=in | app=d:\programme\steam\steamapps\common\assassin's creed revelations\acrpr.exe | 
"UDP Query User{69AF59C5-B38B-4862-A48A-E2525172B451}D:\programme\qip\qip.exe" = protocol=17 | dir=in | app=d:\programme\qip\qip.exe | 
"UDP Query User{7176C3D4-5B83-4549-B75F-848AB6FC2B6C}D:\programme\samsung\npsdmpplayer.exe" = protocol=17 | dir=in | app=d:\programme\samsung\npsdmpplayer.exe | 
"UDP Query User{742421D8-1CA0-4099-BDB0-5C31A5CAEA4E}\\***\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=\\***\spiele\flatout2\flatout2.exe | 
"UDP Query User{9348871E-843F-4E68-A933-583002831100}D:\programme\qip\qip.exe" = protocol=17 | dir=in | app=d:\programme\qip\qip.exe | 
"UDP Query User{D99F029A-642D-4A99-9CC9-CD6B68A682E4}D:\programme\emule\emule.exe" = protocol=17 | dir=in | app=d:\programme\emule\emule.exe | 
"UDP Query User{E73C9315-DE93-4A23-A7E3-C7BA0E2CD9E7}C:\users\pille\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\pille\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{E798B193-53A8-41ED-B7E2-11CF97DDB217}D:\programme\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=d:\programme\musicbrainz picard\picard.exe | 
"UDP Query User{F134F2EA-0DFC-4E84-96BB-52FBED409071}D:\spiele\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires ii\age2_x1\age2_x1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6F29F195-B11C-3EAD-B883-997BB29DFA17}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3826F5-A2C1-40E3-A03F-49EFB2ABF62A}" = BOINC
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"AVG" = AVG 2012
"camcodec" = CamStudio Lossless Codec
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"MediaInfo" = MediaInfo 0.7.25
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Opera 12.02.1578" = Opera 12.02
"Pen Tablet Driver" = Bamboo
"Recuva" = Recuva
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.3
"{1D9943F4-2568-6DE3-0F01-C4A5BC665703}" = Napster 5 Beta
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FFEC1CA-DD48-43C4-8BA1-01A82B2C8837}" = QIP 2010 4444 Jeak-Edition
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E57197-30EC-444F-B1B8-A99AA2A45794}" = SteelSeries Xai Laser Mouse
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{CD27A577-BD77-481D-9E07-314AE9059A77}" = bcTester 4.9 (de)
"{D16CBD59-07B3-4F98-A404-01B6D87A90F2}" = BoneLab
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Active@ DVD Eraser v 1.1" = Active@ DVD Eraser v 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Airport Mania" = Airport Mania
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CobBackup10" = Cobian Backup 10
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.Rhapsody.Napster5" = Napster 5 Beta
"Cpukiller3_is1" = Cpukiller3 v1.0.5
"Dangerous Waters_is1" = Dangerous Waters
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"GetASFStream" = GetASFStream
"Google Updater" = Google Updater
"GPS-Track-Analyse.NET_is1" = 5.0.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mp3tag" = Mp3tag v2.49b
"MPE" = MyPhoneExplorer
"MusicBrainz Picard" = MusicBrainz Picard
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.1.2
"Origin" = Origin
"PC Wizard 2012_is1" = PC Wizard 2012.2.0
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"rayatitray" = Ray Adams ATI Tray Tools
"Revo Uninstaller" = Revo Uninstaller 1.92
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"Steam App 12750" = GRID
"Steam App 17460" = Mass Effect
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 216690" = XCOM: Enemy Unknown Demo
"Steam App 400" = Portal
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 620" = Portal 2
"Steam App 99300" = Renegade Ops
"TreeSize Free_is1" = TreeSize Free V2.7
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1931835600-3465660405-1110096234-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.08.2011 16:02:34 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Microsoft Visual Studio 9.0\VC\bin\ia64\pgosweep.exe".  Die abhängige Assemblierung
 "Microsoft.VC90.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.08.2011 16:05:03 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 01.08.2011 16:10:04 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 02.08.2011 16:00:05 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 02.08.2011 16:05:03 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 03.08.2011 16:00:05 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 03.08.2011 16:05:04 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 03.08.2011 16:10:04 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 04.08.2011 16:00:06 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 04.08.2011 16:05:04 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 02.02.2012 09:37:55 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 02.02.2012 09:38:25 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 38 Invoked Function:
 URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL parameter=
 
Error - 02.02.2012 09:38:33 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1051 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 02.02.2012 09:38:33 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 02.02.2012 09:38:33 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 02.02.2012 09:38:33 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1019 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 02.02.2012 09:38:33 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 855 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 02.02.2012 09:38:33 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 02.02.2012 10:04:28 | Computer Name = *** | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
 
Error - 02.02.2012 10:04:28 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ Cobian Backup Boletus VSC Service Events ]
Error - 01.10.2010 13:55:38 | Computer Name = *** | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Timeout für den Vorgang wurde überschritten.
 
Error - 01.10.2010 14:40:28 | Computer Name = *** | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Timeout für den Vorgang wurde überschritten.
 
Error - 01.10.2010 14:52:33 | Computer Name = *** | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Timeout für den Vorgang wurde überschritten.
 
Error - 01.10.2010 15:11:17 | Computer Name = *** | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Protocol inconsistency. Purging the current snapshot set
 
Error - 01.10.2010 15:11:23 | Computer Name = *** | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Deletion of snapshot failed: The requested object does not exist.
 
Error - 01.10.2010 15:23:08 | Computer Name = *** | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Timeout für den Vorgang wurde überschritten.
 
Error - 01.10.2010 16:00:03 | Computer Name = *** | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Protocol inconsistency. Purging the current snapshot set
 
Error - 27.01.2011 17:10:03 | Computer Name = *** | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = The creation of a shadow copy is already in progress.
 
[ OSession Events ]
Error - 02.02.2012 12:42:15 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 415
 seconds with 360 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.10.2012 01:16:58 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 08.10.2012 01:17:25 | Computer Name = *** | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 08.10.2012 13:10:08 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ithsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 08.10.2012 13:10:08 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 09.10.2012 01:14:27 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ithsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 09.10.2012 01:14:27 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 09.10.2012 11:19:50 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ithsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 09.10.2012 11:19:50 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 09.10.2012 12:55:05 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ithsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
Error - 09.10.2012 12:55:05 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%577
 
 
< End of report >
         
What else can I do now?

10.10.2012, 16:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
For a few days now I have been getting loads of the following sent from and to web.de:

Ever heard that spammers forge their sender addresses?
That is nothing new; guess who gets all the error messages and the like from the MAILERDAEMON when they "happen" to use your mail address as the sender address to send spam.

Malwarebytes creates exactly one log for every scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are listed in the log files tab (Logdateien). Please post all the ones that are visible there.

10.10.2012, 16:26   #3
Pill3
 

Quote:
Ever heard that spammers forge their sender addresses?
That is nothing new; guess who gets all the error messages and the like from the MAILERDAEMON when they "happen" to use your mail address as the sender address to send spam.

Sure, I know; I just wasn't at my most alert yesterday and probably phrased it a bit awkwardly... O:-)

Quote:
Have you scanned with Malwarebytes before?

Yes, the evening before. But I aborted it because it was taking too long for me.

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.08.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

09.10.2012 01:23:48
mbam-log-2012-10-09 (01-23-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 106904
Laufzeit: 23 Minute(n), 53 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         