
Pests of all kinds and how to combat them: TrojanDownloader: Win32/Renos.JM

02.02.2010, 12:01   #1
spiezzer

Hello,
since yesterday I have had a problem with the TrojanDownloader: Win32/renos.jm.
Windows Defender shows it, and when you delete it, it reappears in Defender after a short time.
I have already loaded an older system restore point. Unfortunately, my Avira AntiVir no longer worked after that, i.e. the Guard no longer starts and a system scan is no longer possible either.

Guard error message:

Fehler in AntiVir Guard.
Fehlertext: ENGINE
Fehlercode: [<0x00000057> <0x000003E9>]

System scan error window:

Beim Laden des Moduls (aecore.dll) ist folgender Fehler aufgetreten:
User Record wurde verändert.


I have also read that a system restore does not remove the file.

I have Windows Vista Ultimate 64-bit and have already run CCleaner, but now I don't know whether I can also do the next steps, since I have a 64-bit system.

Please help, I don't want to set up my system from scratch again.
Thanks.

Kind regards, spiezzer.

Edited by spiezzer (02.02.2010 at 12:32)

02.02.2010, 12:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Note: You are using 64-bit Windows. Many of the tools we use here as aids for cleaning are not compatible with 64-bit Windows - this makes a cleanup harder than it already is.

Please do a run with Malwarebytes and post the log.

02.02.2010, 19:15   #3
spiezzer

Hello,
here is the log.


Quote:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3677
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02.02.2010 19:11:12
mbam-log-2010-02-02 (19-11-12).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 632984
Laufzeit: 2 hour(s), 57 minute(s), 29 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Setup\SCRIPTS\START.EXE (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\Backup\Diverse\Screensaver\Christmas\3D.Merry.Christmas.ScreenSaver\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

02.02.2010, 19:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That probably won't have been all of it yet.

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

02.02.2010, 19:32   #5
spiezzer

Will do.
But the fact that it finds nothing suspicious can't be related to the system restore?


02.02.2010, 19:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I can't say for sure yet. I may see more malicious entries in the OTL log.

02.02.2010, 20:18   #7
spiezzer

Here is the OTL.txt

Quote:
OTL logfile created on: 02.02.2010 19:34:52 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Heiner\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 21,89 Gb Free Space | 8,96% Space Free | Partition Type: NTFS
Drive D: | 221,61 Gb Total Space | 51,19 Gb Free Space | 23,10% Space Free | Partition Type: NTFS
Drive E: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WOHNI
Current User Name: Heiner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Heiner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\SetPoint\x86\SetPoint32.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Heiner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcp80.dll (Microsoft Corporation)
MOD - C:\Programme\SetPoint\x86\lgscroll.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (iPod Service) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Adobe LM Service) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 14:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (LibUsb-Win32)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV:64bit: - (Si3531) -- C:\Windows\SysNative\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (s217mdm) -- C:\Windows\SysNative\DRIVERS\s217mdm.sys (MCCI Corporation)
DRV:64bit: - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\SysNative\DRIVERS\s217unic.sys (MCCI)
DRV:64bit: - (s217obex) -- C:\Windows\SysNative\DRIVERS\s217obex.sys (MCCI Corporation)
DRV:64bit: - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\SysNative\DRIVERS\s217nd5.sys (MCCI Corporation)
DRV:64bit: - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s217bus.sys (MCCI Corporation)
DRV:64bit: - (s217mdfl) -- C:\Windows\SysNative\DRIVERS\s217mdfl.sys (MCCI Corporation)
DRV:64bit: - (NWUSBPort) -- C:\Windows\SysNative\DRIVERS\nwusbser.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem) -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys (Novatel Wireless Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (TTCinergyT2) TerraTec Cinergy T² (BDA) -- C:\Windows\SysNative\DRIVERS\TTCinergyT2BDA.sys (TerraTec Electronic GmbH)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (NETw4v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys (Intel Corporation)
DRV:64bit: - (ElbyDelay) -- C:\Windows\SysNative\Drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (PStrip64) -- C:\Windows\SysNative\DRIVERS\PSTRIP64.SYS ()
DRV:64bit: - (smserial) -- C:\Windows\SysNative\DRIVERS\smserl64.sys (Motorola Inc.)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys (LibUsb-Win32)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (cdrbsdrv) -- C:\Windows\SysWOW64\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (itecir) -- C:\Windows\ITECIR [2008.08.27 23:05:10 | 000,000,000 | ---D | M]
DRV - (CSC) -- C:\Windows\CSC [2008.08.27 17:22:04 | 000,000,000 | ---D | M]
DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\Windows\SysWOW64\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (hotcore2) -- C:\Windows\system32\drivers\hotcore2.sys (Paragon Software Group)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: kosa@kallout.com:1.3.1.46
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.01.18 18:34:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.01.18 18:34:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\components [2010.01.18 18:34:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6b5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\plugins [2010.01.18 18:34:05 | 000,000,000 | ---D | M]

[2009.05.04 13:19:04 | 000,000,000 | ---D | M] -- C:\Users\Heiner\AppData\Roaming\mozilla\Extensions
[2010.01.31 16:32:59 | 000,000,000 | ---D | M] -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions
[2009.08.24 14:32:11 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2009.10.29 18:34:42 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009.08.13 12:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.06.14 12:35:32 | 000,000,000 | ---D | M] (JetFox Aqua) -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\{bdf8fec0-4c8b-11dd-ae16-0800200c9a66}
[2009.05.04 14:15:45 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.10.29 18:34:43 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.11.02 15:33:10 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.11.02 15:38:12 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.01.28 14:32:54 | 000,000,000 | ---D | M] -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\battlefieldheroespatcher@ea.com
[2009.10.28 14:23:06 | 000,000,000 | ---D | M] -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\kosa@kallout.com
[2009.09.18 15:59:32 | 000,000,000 | ---D | M] -- C:\Users\Heiner\AppData\Roaming\mozilla\Firefox\Profiles\ey95xvu7.default\extensions\moveplayer@movenetworks.com
[2010.01.25 18:10:10 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-1.xml
[2009.12.10 19:06:45 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-10.xml
[2009.12.12 19:42:10 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-11.xml
[2009.12.12 19:45:43 | 000,000,961 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-12.xml
[2009.12.13 17:43:41 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-13.xml
[2010.01.10 14:38:00 | 000,000,961 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-14.xml
[2010.01.14 15:54:16 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-15.xml
[2010.01.18 17:25:00 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-16.xml
[2010.01.19 16:02:34 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-17.xml
[2010.01.29 21:35:45 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-18.xml
[2010.01.31 16:32:57 | 000,000,961 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-19.xml
[2009.08.11 19:04:26 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-2.xml
[2010.02.01 21:34:36 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-20.xml
[2010.02.01 23:26:07 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-21.xml
[2009.08.13 12:44:03 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-3.xml
[2009.09.11 18:21:20 | 000,000,961 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-4.xml
[2009.11.02 15:32:07 | 000,000,961 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-5.xml
[2009.11.09 18:28:00 | 000,000,961 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-6.xml
[2009.11.09 19:20:38 | 000,000,961 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-7.xml
[2009.11.18 16:17:13 | 000,000,950 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-8.xml
[2009.12.04 14:34:59 | 000,000,961 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin-9.xml
[2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\Mozilla\FireFox\Profiles\ey95xvu7.default\searchplugins\icqplugin.xml
[2010.01.31 16:32:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.19 16:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.25 18:57:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.25 18:57:44 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.25 18:57:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.09.11 18:21:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.25 18:57:44 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.05.04 13:47:47 | 000,001,239 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (Best Download Manager - FlashGet)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (Best Download Manager - FlashGet)
O3:64bit: - HKLM\..\Toolbar: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files (x86)\BS.Player ControlBar\BSToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Translate with &Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Translate with &Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshel...onGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: D:\yodm3d\desktopwallpaper0.bmp
O24 - Desktop BackupWallPaper: D:\yodm3d\desktopwallpaper0.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.04 07:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.09.04 07:10:22 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{2b4f8f5a-79eb-11dd-b606-001060d0fb8e}\Shell\AutoRun\command - "" = start.exe
O33 - MountPoints2\{946d90ce-e239-11dd-a6f2-001060d0fb8e}\Shell - "" = AutoRun
O33 - MountPoints2\{946d90ce-e239-11dd-a6f2-001060d0fb8e}\Shell\AutoRun\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\{d0150a4a-2cfe-11de-b8de-001060d0fb8e}\Shell\AutoRun\command - "" = start.exe
O33 - MountPoints2\{fe4c037e-7453-11dd-a2c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe4c037e-7453-11dd-a2c4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.09.04 07:10:22 | 000,214,408 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.02.02 19:34:00 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Heiner\Desktop\OTL.exe
[2010.02.02 19:19:03 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2010.02.02 12:53:27 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\Malwarebytes
[2010.02.02 12:53:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.02.02 12:53:20 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.02.02 12:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.02.02 12:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.02.02 12:52:57 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Heiner\Desktop\mbam-setup.exe
[2010.02.01 23:14:33 | 061,379,912 | ---- | C] (Avira GmbH) -- C:\Users\Heiner\Desktop\rescue_system-common-en.exe
[2010.01.29 22:12:00 | 000,000,000 | ---D | C] -- C:\Users\Heiner\Desktop\Selig - Und endlich Unendlich
[2010.01.29 14:59:41 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\InstallShield
[2010.01.25 16:17:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Camera_Bison_7.96.701.07_Vistax86
[2010.01.25 15:43:28 | 000,000,000 | ---D | C] -- C:\Windows\Snapshot
[2010.01.24 21:04:11 | 000,000,000 | ---D | C] -- C:\DRIVERS
[2010.01.24 20:37:06 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\CyberLink
[2010.01.23 18:16:00 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\Pegasys Inc
[2010.01.22 16:04:58 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.01.22 16:04:56 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.01.22 16:04:50 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.01.22 16:04:49 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.01.22 16:04:49 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.01.22 16:04:49 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010.01.22 16:04:49 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010.01.22 16:04:47 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010.01.22 16:04:46 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010.01.19 16:01:50 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Local\AOL
[2010.01.19 16:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.0
[2010.01.18 18:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2010.01.18 18:36:51 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.01.18 18:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.01.12 21:32:33 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.01.12 21:32:33 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.01.12 21:32:33 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.01.12 21:32:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.01.11 18:38:13 | 000,000,000 | ---D | C] -- C:\Users\Heiner\Documents\KONAMI
[2010.01.11 18:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI
[2010.01.11 18:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI
[2010.01.05 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\Heiner\Musik
[2007.10.22 03:31:06 | 001,673,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dsetup32.dll
[2007.10.22 03:31:06 | 000,502,792 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\DXSETUP.exe
[2007.10.22 03:31:06 | 000,076,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\DSETUP.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.02.02 19:35:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1E54261E-F0B5-4D29-A3C8-99305EF5D914}.job
[2010.02.02 19:34:59 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C38AAB0D-F01B-4FC8-9AB3-8786558E2E85}.job
[2010.02.02 19:34:36 | 005,767,168 | -HS- | M] () -- C:\Users\Heiner\ntuser.dat
[2010.02.02 19:34:00 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Heiner\Desktop\OTL.exe
[2010.02.02 19:25:09 | 001,647,594 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.02.02 19:25:09 | 000,704,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.02.02 19:25:09 | 000,658,764 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.02.02 19:25:09 | 000,159,322 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.02.02 19:25:09 | 000,130,498 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.02.02 19:21:15 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.02.02 19:19:32 | 000,002,497 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2010.02.02 19:19:31 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.02 19:19:08 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.02.02 19:19:08 | 000,003,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.02.02 19:19:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.02.02 19:18:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.02.02 19:18:57 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.02 19:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\Heiner\ntuser.dat{54366e83-0d13-11df-ac23-001060d0fb8e}.TMContainer00000000000000000001.regtrans-ms
[2010.02.02 19:16:55 | 000,065,536 | -HS- | M] () -- C:\Users\Heiner\ntuser.dat{54366e83-0d13-11df-ac23-001060d0fb8e}.TM.blf
[2010.02.02 19:16:48 | 000,001,627 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.02.02 19:16:37 | 003,314,431 | -H-- | M] () -- C:\Users\Heiner\AppData\Local\IconCache.db
[2010.02.02 18:52:55 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.02.02 12:53:24 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.02 12:52:59 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Heiner\Desktop\mbam-setup.exe
[2010.02.02 11:49:48 | 000,006,556 | ---- | M] () -- C:\Users\Heiner\Desktop\cc_20100202_114925.reg
[2010.02.02 11:49:06 | 000,070,918 | ---- | M] () -- C:\Users\Heiner\Desktop\cc_20100202_114840.reg
[2010.02.02 11:35:38 | 000,524,288 | -HS- | M] () -- C:\Users\Heiner\ntuser.dat{54366e83-0d13-11df-ac23-001060d0fb8e}.TMContainer00000000000000000002.regtrans-ms
[2010.02.01 23:16:19 | 061,379,912 | ---- | M] (Avira GmbH) -- C:\Users\Heiner\Desktop\rescue_system-common-en.exe
[2010.02.01 22:59:24 | 005,767,168 | -HS- | M] () -- C:\Users\Heiner\ntuser.dat_previous
[2010.02.01 22:59:23 | 000,524,288 | -HS- | M] () -- C:\Users\Heiner\ntuser.dat{9921dff5-b4d6-11de-bc9c-001060d0fb8e}.TMContainer00000000000000000001.regtrans-ms
[2010.02.01 22:59:23 | 000,065,536 | -HS- | M] () -- C:\Users\Heiner\ntuser.dat{9921dff5-b4d6-11de-bc9c-001060d0fb8e}.TM.blf
[2010.01.30 14:56:28 | 000,375,595 | ---- | M] () -- C:\Users\Heiner\Desktop\Produktvergleich.mht
[2010.01.29 14:59:51 | 000,000,583 | ---- | M] () -- C:\Windows\win.ini
[2010.01.28 14:44:19 | 000,190,160 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.01.28 14:44:19 | 000,190,160 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.01.24 20:49:15 | 003,223,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.01.23 18:34:20 | 000,051,712 | ---- | M] () -- C:\Users\Heiner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.23 11:02:36 | 000,000,600 | ---- | M] () -- C:\Users\Heiner\AppData\Roaming\winscp.rnd
[2010.01.12 19:28:15 | 000,000,034 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010.01.07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.01.07 16:07:06 | 000,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.02 12:53:24 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.02 12:11:47 | 4293,320,704 | -HS- | C] () -- C:\hiberfil.sys
[2010.02.02 11:49:26 | 000,006,556 | ---- | C] () -- C:\Users\Heiner\Desktop\cc_20100202_114925.reg
[2010.02.02 11:48:45 | 000,070,918 | ---- | C] () -- C:\Users\Heiner\Desktop\cc_20100202_114840.reg
[2010.02.01 23:01:44 | 000,524,288 | -HS- | C] () -- C:\Users\Heiner\ntuser.dat{54366e83-0d13-11df-ac23-001060d0fb8e}.TMContainer00000000000000000002.regtrans-ms
[2010.02.01 23:01:44 | 000,524,288 | -HS- | C] () -- C:\Users\Heiner\ntuser.dat{54366e83-0d13-11df-ac23-001060d0fb8e}.TMContainer00000000000000000001.regtrans-ms
[2010.02.01 23:01:44 | 000,065,536 | -HS- | C] () -- C:\Users\Heiner\ntuser.dat{54366e83-0d13-11df-ac23-001060d0fb8e}.TM.blf
[2010.01.30 14:56:28 | 000,375,595 | ---- | C] () -- C:\Users\Heiner\Desktop\Produktvergleich.mht
[2010.01.05 18:55:33 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.12.29 15:56:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\decdll.dll
[2009.11.07 17:35:50 | 000,000,080 | R--- | C] () -- C:\Windows\OEM.ini
[2009.09.11 14:07:20 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.11 14:05:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.10 10:21:38 | 000,425,572 | ---- | C] () -- C:\Users\Heiner\AppData\Local\dd_vcredistMSI57B0.txt
[2009.07.10 10:21:38 | 000,011,450 | ---- | C] () -- C:\Users\Heiner\AppData\Local\dd_vcredistUI57B0.txt
[2009.06.04 15:05:14 | 000,000,576 | ---- | C] () -- C:\ProgramData\afl.log
[2009.06.02 15:44:31 | 000,612,470 | ---- | C] () -- C:\Users\Heiner\AppData\Local\dd_NET_Framework35_LangPack_MSI35C2.txt
[2009.06.02 15:44:28 | 000,077,772 | ---- | C] () -- C:\Users\Heiner\AppData\Local\dd_dotnetfx35install_lp.txt
[2009.06.02 15:44:28 | 000,000,002 | ---- | C] () -- C:\Users\Heiner\AppData\Local\dd_dotnetfx35error_lp.txt
[2009.06.02 15:43:33 | 001,865,054 | ---- | C] () -- C:\Users\Heiner\AppData\Local\dd_NET_Framework35_x64_MSI3505.txt
[2009.06.02 15:42:10 | 000,232,450 | ---- | C] () -- C:\Users\Heiner\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009.06.02 15:42:06 | 000,231,434 | ---- | C] () -- C:\Users\Heiner\AppData\Local\dd_dotnetfx35install.txt
[2009.06.02 15:42:06 | 000,005,882 | ---- | C] () -- C:\Users\Heiner\AppData\Local\uxeventlog.txt
[2009.06.02 15:42:06 | 000,000,002 | ---- | C] () -- C:\Users\Heiner\AppData\Local\dd_dotnetfx35error.txt
[2009.06.01 16:34:51 | 000,000,600 | ---- | C] () -- C:\Users\Heiner\AppData\Roaming\winscp.rnd
[2009.05.26 14:55:42 | 000,000,009 | -HS- | C] () -- C:\Users\Heiner\AppData\Local\systemCurUses
[2009.05.26 14:55:41 | 000,000,006 | -HS- | C] () -- C:\Users\Heiner\AppData\Local\systemHdID
[2009.05.08 14:08:40 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2009.04.24 12:58:29 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.03.04 15:28:50 | 000,000,094 | ---- | C] () -- C:\Users\Heiner\AppData\Local\fusioncache.dat
[2009.02.11 19:39:32 | 000,283,070 | ---- | C] () -- C:\Users\Heiner\AppData\Local\qsdfiz_nav.dat
[2009.02.11 19:39:02 | 000,003,000 | ---- | C] () -- C:\Users\Heiner\AppData\Local\qsdfiz.dat
[2009.02.11 19:39:02 | 000,000,330 | ---- | C] () -- C:\Users\Heiner\AppData\Local\qsdfiz_navps.dat
[2009.02.11 19:39:02 | 000,000,090 | ---- | C] () -- C:\Users\Heiner\AppData\Local\qsdfiz.bat
[2009.01.15 20:19:27 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2008.11.15 12:25:13 | 000,051,712 | ---- | C] () -- C:\Users\Heiner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.29 17:57:52 | 000,000,023 | -HS- | C] () -- C:\Windows\SysWow64\ebcacfdfabc_z.dll
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.10.05 09:36:49 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2008.09.17 21:44:51 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\imgproc.dll
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.09.16 01:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008.09.16 01:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008.09.16 01:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.09.12 21:17:28 | 000,042,226 | ---- | C] () -- C:\Windows\php.ini
[2008.09.09 10:38:33 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2008.09.09 10:37:25 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.09.04 19:46:09 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.09.04 19:46:09 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.09.03 09:03:33 | 004,239,360 | ---- | C] () -- C:\Windows\SysWow64\qtp-mt334.dll
[2008.09.03 09:03:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2008.08.28 02:24:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\BF99FCB3F6.sys
[2008.08.28 02:24:41 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.08.28 00:00:45 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.08.27 23:02:15 | 000,056,414 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.08.27 23:02:15 | 000,056,414 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.08.27 21:56:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.08.27 21:17:40 | 001,630,270 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.01.21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.11.02 03:27:18 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\Spyder3.sys
[2007.11.02 03:27:18 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\Spyder3.sys
[2007.10.22 03:49:52 | 001,805,306 | ---- | C] () -- C:\Program Files (x86)\NOV2007_d3dx9_36_x64.cab
[2007.10.22 03:49:50 | 000,867,848 | ---- | C] () -- C:\Program Files (x86)\NOV2007_d3dx10_36_x64.cab
[2007.10.22 03:49:48 | 001,712,608 | ---- | C] () -- C:\Program Files (x86)\NOV2007_d3dx9_36_x86.cab
[2007.10.22 03:49:48 | 000,807,132 | ---- | C] () -- C:\Program Files (x86)\NOV2007_d3dx10_36_x86.cab
[2007.10.22 03:49:48 | 000,200,010 | ---- | C] () -- C:\Program Files (x86)\NOV2007_XACT_x64.cab
[2007.10.22 03:49:48 | 000,151,512 | ---- | C] () -- C:\Program Files (x86)\NOV2007_XACT_x86.cab
[2007.10.22 03:49:48 | 000,049,392 | ---- | C] () -- C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
[2007.10.22 03:49:48 | 000,044,850 | ---- | C] () -- C:\Program Files (x86)\dxdllreg_x86.cab
[2007.10.22 03:49:48 | 000,021,744 | ---- | C] () -- C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
[2007.10.22 03:31:06 | 001,611,374 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
[2007.10.22 03:31:06 | 001,610,886 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
[2007.10.22 03:31:06 | 001,413,862 | ---- | C] () -- C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
[2007.10.22 03:31:06 | 001,128,177 | ---- | C] () -- C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
[2007.10.22 03:31:06 | 000,702,644 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
[2007.10.22 03:31:06 | 000,702,072 | ---- | C] () -- C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
[2007.10.22 03:31:06 | 000,200,722 | ---- | C] () -- C:\Program Files (x86)\JUN2007_XACT_x64.cab
[2007.10.22 03:31:06 | 000,183,321 | ---- | C] () -- C:\Program Files (x86)\OCT2006_XACT_x64.cab
[2007.10.22 03:31:06 | 000,181,745 | ---- | C] () -- C:\Program Files (x86)\JUN2006_XACT_x64.cab
[2007.10.22 03:31:06 | 000,156,509 | ---- | C] () -- C:\Program Files (x86)\JUN2007_XACT_x86.cab
[2007.10.22 03:31:06 | 000,138,977 | ---- | C] () -- C:\Program Files (x86)\OCT2006_XACT_x86.cab
[2007.10.22 03:31:06 | 000,134,631 | ---- | C] () -- C:\Program Files (x86)\JUN2006_XACT_x86.cab
[2007.10.22 03:31:06 | 000,086,925 | ---- | C] () -- C:\Program Files (x86)\Oct2005_xinput_x64.cab
[2007.10.22 03:31:06 | 000,086,802 | ---- | C] () -- C:\Program Files (x86)\dxupdate.cab
[2007.10.22 03:31:06 | 000,046,247 | ---- | C] () -- C:\Program Files (x86)\Oct2005_xinput_x86.cab
[2007.10.22 03:31:04 | 001,803,760 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
[2007.10.22 03:31:04 | 001,711,752 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
[2007.10.22 03:31:04 | 001,575,336 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
[2007.10.22 03:31:04 | 001,572,114 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
[2007.10.22 03:31:04 | 001,363,684 | ---- | C] () -- C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
[2007.10.22 03:31:04 | 001,358,864 | ---- | C] () -- C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
[2007.10.22 03:31:04 | 001,351,430 | ---- | C] () -- C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
[2007.10.22 03:31:04 | 001,336,890 | ---- | C] () -- C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
[2007.10.22 03:31:04 | 001,248,387 | ---- | C] () -- C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
[2007.10.22 03:31:04 | 001,085,608 | ---- | C] () -- C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
[2007.10.22 03:31:04 | 001,080,344 | ---- | C] () -- C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
[2007.10.22 03:31:04 | 001,078,532 | ---- | C] () -- C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
[2007.10.22 03:31:04 | 001,065,813 | ---- | C] () -- C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
[2007.10.22 03:31:04 | 001,014,113 | ---- | C] () -- C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
[2007.10.22 03:31:04 | 000,855,886 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
[2007.10.22 03:31:04 | 000,800,467 | ---- | C] () -- C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
[2007.10.22 03:31:04 | 000,213,767 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
[2007.10.22 03:31:04 | 000,201,696 | ---- | C] () -- C:\Program Files (x86)\AUG2007_XACT_x64.cab
[2007.10.22 03:31:04 | 000,198,275 | ---- | C] () -- C:\Program Files (x86)\FEB2007_XACT_x64.cab
[2007.10.22 03:31:04 | 000,193,435 | ---- | C] () -- C:\Program Files (x86)\DEC2006_XACT_x64.cab
[2007.10.22 03:31:04 | 000,192,680 | ---- | C] () -- C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
[2007.10.22 03:31:04 | 000,183,863 | ---- | C] () -- C:\Program Files (x86)\AUG2006_XACT_x64.cab
[2007.10.22 03:31:04 | 000,179,247 | ---- | C] () -- C:\Program Files (x86)\Feb2006_XACT_x64.cab
[2007.10.22 03:31:04 | 000,156,612 | ---- | C] () -- C:\Program Files (x86)\AUG2007_XACT_x86.cab
[2007.10.22 03:31:04 | 000,154,825 | ---- | C] () -- C:\Program Files (x86)\APR2007_XACT_x86.cab
[2007.10.22 03:31:04 | 000,151,583 | ---- | C] () -- C:\Program Files (x86)\FEB2007_XACT_x86.cab
[2007.10.22 03:31:04 | 000,146,559 | ---- | C] () -- C:\Program Files (x86)\DEC2006_XACT_x86.cab
[2007.10.22 03:31:04 | 000,138,195 | ---- | C] () -- C:\Program Files (x86)\AUG2006_XACT_x86.cab
[2007.10.22 03:31:04 | 000,133,297 | ---- | C] () -- C:\Program Files (x86)\Feb2006_XACT_x86.cab
[2007.10.22 03:31:04 | 000,100,417 | ---- | C] () -- C:\Program Files (x86)\APR2007_xinput_x64.cab
[2007.10.22 03:31:04 | 000,088,102 | ---- | C] () -- C:\Program Files (x86)\AUG2006_xinput_x64.cab
[2007.10.22 03:31:04 | 000,056,902 | ---- | C] () -- C:\Program Files (x86)\APR2007_xinput_x86.cab
[2007.10.22 03:31:04 | 000,047,018 | ---- | C] () -- C:\Program Files (x86)\AUG2006_xinput_x86.cab
[2007.10.22 03:31:02 | 013,265,040 | ---- | C] () -- C:\Program Files (x86)\dxnt.cab
[2007.10.22 03:31:02 | 004,163,518 | ---- | C] () -- C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
[2007.10.22 03:31:02 | 001,610,958 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
[2007.10.22 03:31:02 | 001,609,639 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
[2007.10.22 03:31:02 | 001,398,718 | ---- | C] () -- C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
[2007.10.22 03:31:02 | 001,348,242 | ---- | C] () -- C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
[2007.10.22 03:31:02 | 001,156,363 | ---- | C] () -- C:\Program Files (x86)\BDANT.cab
[2007.10.22 03:31:02 | 001,116,109 | ---- | C] () -- C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
[2007.10.22 03:31:02 | 001,079,850 | ---- | C] () -- C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
[2007.10.22 03:31:02 | 000,976,020 | ---- | C] () -- C:\Program Files (x86)\BDAXP.cab
[2007.10.22 03:31:02 | 000,917,318 | ---- | C] () -- C:\Program Files (x86)\Apr2006_MDX1_x86.cab
[2007.10.22 03:31:02 | 000,702,212 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
[2007.10.22 03:31:02 | 000,699,465 | ---- | C] () -- C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
[2007.10.22 03:31:02 | 000,199,366 | ---- | C] () -- C:\Program Files (x86)\APR2007_XACT_x64.cab
[2007.10.22 03:31:02 | 000,180,021 | ---- | C] () -- C:\Program Files (x86)\Apr2006_XACT_x64.cab
[2007.10.22 03:31:02 | 000,133,991 | ---- | C] () -- C:\Program Files (x86)\Apr2006_XACT_x86.cab
[2007.10.22 03:31:02 | 000,087,989 | ---- | C] () -- C:\Program Files (x86)\Apr2006_xinput_x64.cab
[2007.10.22 03:31:02 | 000,046,898 | ---- | C] () -- C:\Program Files (x86)\Apr2006_xinput_x86.cab
[2007.10.18 15:35:44 | 000,044,344 | ---- | C] () -- C:\Windows\SysWow64\i1display.sys
[2007.10.18 15:35:44 | 000,044,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\i1display.sys
[2007.10.18 14:44:25 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\Spyder2.sys
[2007.10.18 14:44:25 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\Spyder2.sys
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.03.12 20:31:28 | 001,732,608 | ---- | C] () -- C:\Windows\SysWow64\BCGPStyle2007Luna.dll
[2006.12.27 12:43:19 | 000,044,344 | ---- | C] () -- C:\Windows\SysWow64\seqcal.sys
[2006.12.27 12:43:19 | 000,044,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\seqcal.sys
[2005.11.10 02:52:42 | 000,059,392 | ---- | C] () -- C:\Windows\sm56spn.dll
[2005.11.10 02:52:42 | 000,059,392 | ---- | C] () -- C:\Windows\sm56itl.dll
[2005.11.10 02:52:42 | 000,059,392 | ---- | C] () -- C:\Windows\sm56eng.dll
[2005.11.10 02:52:42 | 000,059,392 | ---- | C] () -- C:\Windows\sm56brz.dll
[2005.11.10 02:52:42 | 000,053,248 | ---- | C] () -- C:\Windows\sm56ger.dll
[2005.11.10 02:52:42 | 000,053,248 | ---- | C] () -- C:\Windows\sm56fra.dll
[2005.11.10 02:52:42 | 000,045,056 | ---- | C] () -- C:\Windows\sm56jpn.dll
[2005.11.10 02:52:42 | 000,040,960 | ---- | C] () -- C:\Windows\sm56cht.dll
[2005.11.10 02:52:42 | 000,040,960 | ---- | C] () -- C:\Windows\sm56chs.dll
< End of report >

02.02.2010, 20:20   #8
spiezzer
 
And here is the Extras.Txt

Quote:
OTL Extras logfile created on: 02.02.2010 19:34:52 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Heiner\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): c:\pagefile.sys 6139 6139 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 21,89 Gb Free Space | 8,96% Space Free | Partition Type: NTFS
Drive D: | 221,61 Gb Total Space | 51,19 Gb Free Space | 23,10% Space Free | Partition Type: NTFS
Drive E: | 7,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WOHNI
Current User Name: Heiner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, XnView Software - Free graphic and photo viewer, converter, organizer)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, XnView Software - Free graphic and photo viewer, converter, organizer)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = BE CE 10 E7 3F 7B CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-200940536-1035410928-3789114660-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB090F8-EF50-46B4-8333-AE68F95E48B3}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{17FB0BE6-2692-4CB0-A0ED-57577E248F22}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C3589F4-6A5F-4303-B61F-133B51A55874}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E5C4373-2374-4F30-8B7C-A193DDAC1629}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22DBCC80-BA71-41A3-BF01-FB15F1853F75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28F4DFDF-353B-47C0-8B28-33B89C1040B0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2F4897A1-25CB-4E22-85D8-260C631BB5F4}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{34C7B646-9FDF-4550-AFFA-C4EB4837B2A7}" = rport=445 | protocol=6 | dir=out | app=system |
"{39C24B4E-45DA-492B-81A6-F8F1C04F1B70}" = lport=138 | protocol=17 | dir=in | app=system |
"{3A14D995-F31B-4F49-93F3-D55B0A06F178}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AD10F47-3758-4E4E-9773-B41C6C070532}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{412781CA-9753-4B1E-886A-F93CA642F3CD}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{4383CD67-50E6-4D6F-9F23-BE19F43F3782}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{441F59BB-5D64-4DB0-BC4C-F182435B33F9}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{463421CE-79DF-4AE2-82BB-70062A5359B9}" = rport=139 | protocol=6 | dir=out | app=system |
"{4F0E3426-4A85-455D-AA2F-78ABE057C912}" = lport=2869 | protocol=6 | dir=in | app=system |
"{530A0072-F915-487B-8EE9-6A402DDA9398}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5CA3E56B-B27C-4813-9B17-E5FCB6984607}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6F31C8C2-89BA-4ADA-956D-ABB6C7204822}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7CA4C07E-9A9B-4681-935F-DE23BBE22F15}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{9D137B6B-5FC5-4B88-BD3D-1D3C61CE073A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A31E1A25-889D-4CC3-8F2C-8D47AC409733}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A6C15597-D803-4428-8619-567D244884E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{A6E4D3E0-3B97-4E0E-909A-C68A85D3097E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC5714D0-B693-4B01-A034-CFAE91FCF687}" = lport=137 | protocol=17 | dir=in | app=system |
"{B2113606-7498-4C9F-BD81-9DEBC15BD85F}" = lport=445 | protocol=6 | dir=in | app=system |
"{B4386C9A-C252-4393-8554-A5558C777E4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C89C9EC5-97D0-4A23-8F66-690E0C426A69}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E39AE534-2D0C-4309-A496-3FE7F9B52252}" = rport=138 | protocol=17 | dir=out | app=system |
"{EBBAAFDE-F79C-46BB-9624-18D98A78CF5A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F719331E-D054-4BF3-8178-7A59B0C2E67D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F71D326A-1188-449C-A8C2-4BC7528466EE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB6E55A8-BDC0-400C-B8CB-9A8B989DC87C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00507F51-F983-44D1-BEF1-3EEFE6667A0F}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{00B662CC-FB8F-4F2F-BD87-0E8E1CFB7981}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{035BD105-5E31-43D4-86F8-3792632B9C62}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0516CFEC-8512-4303-B815-D007077A53F2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{05EBD28A-E7A0-4A5B-8B32-D91B0965C505}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0C0E8CDE-E684-4266-B68D-98AC355E08B4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{0D8AEDFB-F8E5-4AEC-B8BF-4E7C3BE4D3BD}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{11E41F44-5AA7-4F91-A703-640D1C929C13}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{145AF2E8-79D1-498D-AFD6-A407F5841977}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{16B61B3E-B519-4CE8-8200-4881A25C06A2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{181FF17E-AA2C-49AE-AAD4-70B9F6B7D424}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{1CA1F425-0384-4ACF-A062-3A2C6184BEDF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1D0228C8-ECBF-4F77-B001-DE0FBEE2F427}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"{2304FF36-1C55-4E7E-8754-8F9DFF6D6E09}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{25DEB860-1AA5-49FB-BD23-342E026A394B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{29B2FD19-5797-477F-A021-5050C10F7367}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2A90A66E-8554-47A3-A241-A216422CBC27}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{2E72B76E-1877-4F92-9312-FCECF4A34007}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{339EA4C5-022B-4EF6-9304-2861F8D98031}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{3754C910-8254-4EA5-AD7F-1BBE7D3CFD1F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{399A47F5-F7CB-4F29-BCA7-97479D058332}" = protocol=6 | dir=in | app=d:\pes 2010\pes2010.exe |
"{3C801A15-C7FB-4CFE-835B-055CB1CA0B4B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3CA28CA8-F5F2-4F17-AD8E-302354971036}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DCD1218-1500-46F0-A587-6D77DAE255AC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{40C61BDF-FB7E-429B-85C2-F3CE2443CBAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{41260E85-3B8A-46FB-BD23-A0BD51A10D7E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{44942166-C098-4536-A3B1-0525790CB0F6}" = protocol=17 | dir=in | app=c:\users\heiner\appdata\local\temp\{7d71925d-3d8f-4463-814a-8b260f794879}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe |
"{4731C5F6-9ADD-4DD2-B478-ECDA57B2285B}" = protocol=17 | dir=in | app=d:\pes 2010\pes2010.exe |
"{4C50E2EA-350E-4D81-88C8-361DF93B9CBE}" = protocol=6 | dir=in | app=c:\users\heiner\appdata\local\temp\{7d71925d-3d8f-4463-814a-8b260f794879}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe |
"{4EB19483-4B48-4450-97C9-799FC2CEBF30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{50F426E0-0540-49D8-920F-052738E35664}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55E172C6-690F-4FED-AC3F-73ED56720043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{57F90C0E-05F1-43CC-81C4-E485DE783BEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59A6DE4A-4D3E-443B-B787-890E9FA811BA}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5B83C3EB-CDB4-4BFE-82A2-751A1BEB06EF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6123B0AE-020B-461F-9980-F32FC83536D9}" = protocol=17 | dir=in | app=d:\pes 2010\pes2010.exe |
"{61694D0F-29CC-4BED-9B24-C71DC130A6EE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{64D9F302-7CBB-4AD1-9352-A2BDF2776972}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{66238B87-B5CC-44B9-9DE6-11212A8AA1E4}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{66B385E1-40A9-4E96-AA82-C69775A5F086}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7CF402B7-0CC3-454D-816F-E4533220D89F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{834DCF47-883F-4A64-ACE0-AF87B7BB8231}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{8D8C927A-7391-4C2F-80E1-82F8F364EA73}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe |
"{8DD31696-8ED8-4B07-8712-1C0849A84E8B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{90469B4A-26A1-476A-834D-D4A8CC7DA77B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94829483-0917-4BAC-87ED-396801FFABB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94D4929E-50F8-4970-BC6C-F546D3191A5F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{97C6FA19-A75D-47C5-9B39-1B7FA914A7D8}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{97E43C6B-7316-4F1D-A372-9D090536E950}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9AAC4BC4-00C2-42A2-BFFF-A1BF99949C23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C1C85F8-EEFE-4626-8DD2-DD6746AB9F6A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9D4EFB2E-227A-4E6C-9FC7-BD5F167CF41C}" = protocol=6 | dir=in | app=d:\programme\pes2010.exe |
"{9FB69690-94DA-49E9-8BFC-E5F9C29BA7F6}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"{A236B140-9772-43FC-A1FD-200EFCF42DF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A32B9E61-648F-437E-9801-C01798E90296}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A4DD0ED3-D364-4CBB-80E4-661C3BA54189}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A85F904D-5E88-43C5-9C22-4E18EDCA1648}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{AE04A280-FA6E-45FD-A585-93EEBDBC205E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AFEA2BAF-A974-43A4-8E0C-9CADCC8CB52D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{B2A1A726-E909-40EB-A43A-28D966AA8BB7}" = protocol=6 | dir=out | app=system |
"{B4880560-3261-409B-A468-376E957C4328}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B97B3414-D994-4473-90F8-C097C44A9B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{BCED9877-5CED-4C0D-B68E-78D32209B42F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{C1FC3899-A59C-40F4-B244-6D391CA95940}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{C60DEA9B-F3EF-4980-A404-FADC8EB0D1D8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C6B5AD3F-C4C8-4572-AF8C-BC90B204437A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{C939922F-4B03-4929-BC4F-91716F9BC4D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA8DFC65-6604-4D74-9255-1EAB17EA5582}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CB7FAFC1-C4C0-451A-9933-218326EB3842}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe |
"{CD880311-CD2D-4CA4-9060-79A39461B6AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1C7EEDB-716B-4078-B43A-B97958CE32BE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D1D7B21E-4C47-4F55-89A4-0D8D1A7B4391}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{D8B3FF40-9D2D-4E16-9CC0-A0D64E14673F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{DCA27A6B-AE90-4822-A52E-B1E55BF98EBE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DDB7AFCA-A9A6-43F7-8DCE-7B8D56EE14B9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{E4177CDA-FDAF-45E1-B7C3-5B68F78EA68F}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{E52C4975-4F66-417E-9ED8-983A0A01CE21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E599F855-8844-46AA-925A-A6454D60C8B0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{EA91D4BE-B440-4846-BB38-F6443DDA9D4B}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe |
"{EAE4C3E5-7EC3-4ADE-9D54-0D2532244A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{EB04F6F5-3F9D-4E03-838C-0E470B7E323B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{ED4C2DC9-7F55-445C-A93D-2F49C0EA826C}" = protocol=17 | dir=in | app=d:\programme\pes2010.exe |
"{EF7EE7FE-930D-4F3D-9857-FF04EEFF52F4}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe |
"{FF4A8D93-DBE8-450E-8A80-57A52050DC33}" = protocol=6 | dir=in | app=d:\pes 2010\pes2010.exe |
"TCP Query User{0282B9A2-2DCC-4959-BCE8-72762D0CE3DD}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{0B3F9173-77CD-4C76-A0AE-92653AF6AB5F}C:\program files (x86)\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe |
"TCP Query User{0C62A3CA-4778-4A02-97D1-D84EC9BE812D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{0EB665B2-88CC-4A95-8709-BCB8FEE10473}C:\program files (x86)\emule0.49b\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule0.49b\emule.exe |
"TCP Query User{22C18995-8377-489E-974F-A07A78D09A16}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"TCP Query User{307EE301-023E-4873-A09F-E431C8E8E503}D:\backup\neu\charon\charon.exe" = protocol=6 | dir=in | app=d:\backup\neu\charon\charon.exe |
"TCP Query User{37A157F4-CE02-4352-84BE-B265B4022390}C:\program files (x86)\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\java.exe |
"TCP Query User{4314B5BF-CA0B-4C74-949D-9718C9A3FCA7}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"TCP Query User{49DD5781-0D28-4CC1-BE80-2E17A334DBD3}C:\program files (x86)\flashget network\flashget universal\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget universal\flashget.exe |
"TCP Query User{4C4DE198-2CEC-4271-BB2E-CA2A76C4EAE7}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{5322C24B-E9B2-4D89-8EC3-F3C5D36AF8E5}C:\program files (x86)\emule0.49b\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule0.49b\emule.exe |
"TCP Query User{54DCAB59-996A-4B95-BE54-FE910E7ED6AE}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe |
"TCP Query User{5FA644DE-9E9C-40D4-A911-92FD762FAEB1}C:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"TCP Query User{7A517E4C-F33F-4082-826E-AF3887C27B08}D:\wikipedia-dvd 2007-2008\zenoreader.exe" = protocol=6 | dir=in | app=d:\wikipedia-dvd 2007-2008\zenoreader.exe |
"TCP Query User{81D542E6-EF33-46BD-A7B5-D987D67E537E}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{8B789252-BF39-4996-BB96-D063EA1EFF2D}C:\program files (x86)\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe |
"TCP Query User{8D35BF3C-B831-4DB6-9679-7EE3E0813D42}C:\program files (x86)\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe |
"TCP Query User{9266582C-C063-47B5-9946-187890BFDCCB}C:\users\heiner\appdata\local\temp\rar$ex18.549\blobby-server.exe" = protocol=6 | dir=in | app=c:\users\heiner\appdata\local\temp\rar$ex18.549\blobby-server.exe |
"TCP Query User{A511868A-46CF-47E0-8C02-69A39086CD5E}C:\users\heiner\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\heiner\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{A73CC260-E8B3-42B9-A6ED-BB01317564BA}D:\wikipedia-dvd 2007-2008\zenoreader.exe" = protocol=6 | dir=in | app=d:\wikipedia-dvd 2007-2008\zenoreader.exe |
"TCP Query User{A8E49EEE-75A8-4C1F-AA78-5339C71B7F45}C:\program files (x86)\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattoo.exe |
"TCP Query User{AB72F41B-8B30-4126-BC1A-4D52BB66C6B6}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe |
"TCP Query User{B261188E-1E3C-4C44-9BE1-9B331EA51F46}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B30BD908-7407-4262-9D43-C2F28D284B23}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"TCP Query User{B33C9592-B545-4823-9AB9-B1BE374DF646}C:\program files (x86)\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe |
"TCP Query User{C55C96F3-FCB9-4066-8B1E-B9E389224248}C:\program files (x86)\oxylbox\apache2\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oxylbox\apache2\bin\apache.exe |
"TCP Query User{D3518258-A1C6-4212-91DE-30A7CF93AF38}C:\program files (x86)\aspyr\guitar hero iii\gh3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aspyr\guitar hero iii\gh3.exe |
"TCP Query User{D688E518-6361-4D30-B514-244309376325}C:\program files (x86)\oxylbox\apache2\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oxylbox\apache2\bin\apache.exe |
"TCP Query User{E2043AEA-2508-4190-85AE-BB729ED26B28}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{E9474DF6-CCAE-4E58-8241-6989E4C126BB}C:\program files (x86)\concept design\onlinetv 4\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\concept design\onlinetv 4\onlinetv.exe |
"TCP Query User{F1646C86-ED0A-4358-9429-24F56B356E4B}C:\program files (x86)\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe |
"TCP Query User{F8D339FA-9D39-416D-B4BE-09239405AC49}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{0D4B444A-1565-4B07-9F21-785BF0DE3DF6}D:\wikipedia-dvd 2007-2008\zenoreader.exe" = protocol=17 | dir=in | app=d:\wikipedia-dvd 2007-2008\zenoreader.exe |
"UDP Query User{0F15EA89-6EE9-4C04-8786-19D71DF450D7}C:\program files (x86)\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe |
"UDP Query User{0F3BD528-013A-456A-A15F-EED0498995ED}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{0FC14EBA-7CC9-4B46-9D71-AEC4F082758F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{1C06C975-ECCF-4BCE-9D05-F93B1FF913BC}C:\program files (x86)\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe |
"UDP Query User{1D52FEC6-004A-46B0-B1AF-C2CCB09E1F38}C:\program files (x86)\oxylbox\apache2\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oxylbox\apache2\bin\apache.exe |
"UDP Query User{23E1C60C-AC83-494A-AD90-2A98D961D461}C:\program files (x86)\emule0.49b\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule0.49b\emule.exe |
"UDP Query User{2B6BCCE1-1B6E-427E-B861-38994223E893}C:\program files (x86)\concept design\onlinetv 4\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\concept design\onlinetv 4\onlinetv.exe |
"UDP Query User{2DFC9819-144A-4986-9EA3-4B6A32D0B0C5}C:\users\heiner\appdata\local\temp\rar$ex18.549\blobby-server.exe" = protocol=17 | dir=in | app=c:\users\heiner\appdata\local\temp\rar$ex18.549\blobby-server.exe |
"UDP Query User{2E7F90F0-AB5D-4851-8F0E-959FEE1A190E}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{3EC722B7-BB6A-4187-82F5-EB46F21AA51D}C:\program files (x86)\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe |
"UDP Query User{47DFDF8D-9EEA-44A6-84CA-5F83D00A09FB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{48435645-A8DE-4BD8-9157-EC392774F39C}C:\program files (x86)\aspyr\guitar hero iii\gh3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aspyr\guitar hero iii\gh3.exe |
"UDP Query User{4D1B5CDE-A595-435F-9980-FA5453D01895}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"UDP Query User{5136EC8A-43EA-4A93-BB00-0021574106F4}C:\program files (x86)\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\java.exe |
"UDP Query User{590884D4-F728-4AA0-AB94-8C6BA15A64C8}C:\program files (x86)\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe |
"UDP Query User{59FB2021-74DB-4912-B031-210562DAE745}C:\program files (x86)\flashget network\flashget universal\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget universal\flashget.exe |
"UDP Query User{5A445CCC-CAA2-4DB6-8074-FB91DBBDFB68}C:\program files (x86)\emule0.49b\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule0.49b\emule.exe |
"UDP Query User{6B1A86B1-AD2D-4505-8104-A1DE0854B0EA}C:\users\heiner\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\heiner\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{7291ADD6-461B-421E-89A1-5B8B8879D828}C:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"UDP Query User{7329F225-E1B6-4B2C-955B-97306A13FD18}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{7408C903-54C7-4F1B-A8CE-66521EEFCA54}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
"UDP Query User{7F0AB3BD-1490-46A6-B9FF-38621A71AB7A}D:\backup\neu\charon\charon.exe" = protocol=17 | dir=in | app=d:\backup\neu\charon\charon.exe |
"UDP Query User{8EA5DBFA-B7AA-4564-B1E1-E0F9FB6EECDF}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe |
"UDP Query User{93180809-9369-403C-9913-1DD02E57416C}C:\program files (x86)\oxylbox\apache2\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oxylbox\apache2\bin\apache.exe |
"UDP Query User{AFBEDDBD-D091-4A5B-BD9B-EB2CA4540070}C:\program files (x86)\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe |
"UDP Query User{B88B635B-0F08-403D-A579-B370E1C6A8A3}D:\wikipedia-dvd 2007-2008\zenoreader.exe" = protocol=17 | dir=in | app=d:\wikipedia-dvd 2007-2008\zenoreader.exe |
"UDP Query User{C0ACAC58-669A-4ECB-A93A-2379284425E8}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{C567DC5B-AEC2-4C2C-8885-7AB3BBCAE106}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{CBBEEC41-7939-465A-B851-7A5BC5960392}C:\program files (x86)\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattoo.exe |
"UDP Query User{D2D7A124-62F0-41D4-A15A-599104A2EE96}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe |
"UDP Query User{EB8ABB34-ABCC-4814-96C6-C22A7E69715D}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07104040-959A-4B0D-8825-2C533F0DDB19}" = Encarta Suchleiste (64-bits)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08104040-959A-4B0D-8825-2C533F0DDB19}" = Encarta Suchleiste (64-bits)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{38FA7C5F-914D-4725-ACF2-2FD940AD0BF9}" = Adobe Photoshop Lightroom 2.1 64-bit
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7F6C6990-E99A-4835-8861-BA0E319EA074}" = iTunes
"{8164DB37-0ED4-4DDA-9644-E0B7A42205CB}" = Motorola Driver Installation 3.4.0
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DE4ACC36-9BF6-4466-B3C7-2EE1615EBC68}" = Apple Mobile Device Support
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"2ADF4484850200A062B66ED19240994480D85943" = Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"ReadyDriver Plus_is1" = ReadyDriver Plus 1.1
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{01DBF423-E27B-45DA-B7F3-F9D4DB39B1C9}" = DRIV3R
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{090A0EB4-FC4E-4D24-0001-04C3FA6538B1}" = MyTube BigPack Internet Recorder 3 Free
"{09100081-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Encarta 2009 - Enzyklopädie
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{23773C74-EBEE-41FB-86ED-58B599A2B586}" = PTLens
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A1D26C2-DC3A-4207-82B3-2983693869D1}" = Großer ADAC ReisePlaner 2008/2009
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A1A2ACDC-0C22-4EB1-B958-1898A93DAF28}" = TV Movie ClickFinder
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6C2D216-9DAE-43F9-8EFF-F0445E973F52}_is1" = GW-Value
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AF10D7E4-D29A-45DA-8050-B116097B69B5}" = Safari
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BBCAA1F8-DBC5-46A4-B734-21D446E75FD2}" = Motorola Phone Tools
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7848A64-C3F3-45AA-A1E0-C0EF9E67F9BA}" = Paragon Festplattenmanager 7.5
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DA1876DD-323E-4D78-8F9F-8F4FDE25C010}" = ID_DCRaw Image Decoder Plug-In
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{f0d3ccbc-ddb8-43a1-a351-d6bfcc44830f}" = Nero 9
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA596738-085B-4E75-8246-631DB602AF0A}" = @promt Expert 8 German Giant
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.0
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.5 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe AIR" = Adobe AIR
"Adobe Audition 2.0" = Adobe Audition 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AnyDVD" = AnyDVD
"AsfTools 3.1" = AsfTools 3.1 (remove only)
"Ask Toolbar_is1" = Ask Toolbar
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Babylon" = Babylon
"BSPlayerp" = BS.Player PRO
"CCleaner" = CCleaner (remove only)
"CDXA Image Reader Filter (SVCD/XCD)" = CDXA Image Reader Filter (SVCD/XCD) (remove only)
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dfine 2.0" = Dfine 2.0
"Driver Genius Professional Edition 2007_is1" = Driver Genius Professional Edition 2007
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FlashGet" = FlashGet 1.9.6.1073
"foobar2000" = foobar2000 v0.9.6.7
"Free Video Converter_is1" = Free Video Converter V 2.3
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Updater" = Google Updater
"Guild Wars" = GUILD WARS
"GuildWars Visions_is1" = GuildWars Visions v1.08
"GW Teddy" = GW Teddy 0.2.4
"HaaliMkx" = Haali Media Splitter
"Hollywood FX 5" = Pinnacle Hollywood FX 5
"ICQToolbar" = ICQ Toolbar
"Inkscape" = Inkscape 0.46
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"IsoBuster_is1" = IsoBuster 1.5
"Jalbum_0" = Jalbum 8.0
"KeePass Password Safe_is1" = KeePass Password Safe 1.13
"LHTTSFRF" = L&H TTS3000 Français
"LHTTSGED" = L&H TTS3000 Deutsch
"LHTTSRUR" = L&H TTS3000 Russian
"LHTTSSPE" = L&H TTS3000 Español
"MAGIX Fotos auf CD & DVD 7 deluxe D" = MAGIX Fotos auf CD & DVD 7 deluxe 7.0.0.19 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McLoad Preinstaller" = McLoad Preinstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Miranda IM" = Miranda IM 0.7.14
"MKVtoolnix" = MKVtoolnix 2.2.0
"Monkey's Audio_is1" = Monkey's Audio
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Firefox (3.6b5)" = Mozilla Firefox (3.6b5)
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.063
"Mp3tag" = Mp3tag v2.41
"mpeg-vcr" = mpeg-vcr 3.14.4.2 (03/2008)
"paw·ned²" = paw·ned² v1.2
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"Product_Name" = Mess With Those Peds
"PunkBusterSvc" = PunkBuster Services
"qsdfiz" = Favorit
"QuickPar" = QuickPar 0.9
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 6.0" = RealPlayer
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"The Lost Watch 3D Screensaver_is1" = The Lost Watch 3D Screensaver 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualDub Filter Pack_is1" = VirtualDub Filter Pack 1.1
"VLC media player" = VLC media player 0.9.8a
"Willing Webcam Lite" = Willing Webcam Lite
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"winpwn-2.5" = winpwn-2.5 2.5.0.2
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.9
"XnView_is1" = XnView 1.93.6
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Zattoo" = Zattoo 3.3.4 Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

02.02.2010, 20:21   #9
spiezzer
 
I should perhaps also mention that Windows Defender has not reported anything again so far.
But better safe than sorry, and as I said, AntiVir no longer works, which could be related.

03.02.2010, 16:18   #10
spiezzer
 
PUSH

I am still afraid that it is playing its games and I am not noticing.

03.02.2010, 23:18   #11
spiezzer
 
Hello,
you are really the expert here, but I'll add my two cents as well.

Excerpt from the OTL.Txt

Quote:
========== Files/Folders - Created Within 30 Days ==========

[2010.02.02 19:34:00 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Heiner\Desktop\OTL.exe
[2010.02.02 19:19:03 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2010.02.02 12:53:27 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\Malwarebytes
[2010.02.02 12:53:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.02.02 12:53:20 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.02.02 12:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.02.02 12:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.02.02 12:52:57 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Heiner\Desktop\mbam-setup.exe
[2010.02.01 23:14:33 | 061,379,912 | ---- | C] (Avira GmbH) -- C:\Users\Heiner\Desktop\rescue_system-common-en.exe
[2010.01.29 22:12:00 | 000,000,000 | ---D | C] -- C:\Users\Heiner\Desktop\Selig - Und endlich Unendlich
[2010.01.29 14:59:41 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\InstallShield
A file creation on 30.01 is missing; that is the day I caught the virus, and I reset my system to 29.01.

There are 2 possible explanations for this:
1. The file was removed by the system restore.
Or 2. OTL finds nothing, maybe it gets confused.

I hope that helps.
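
The date check described in the post above, as an added example that is not part of the original thread: a Python parser for OTL "Created Within 30 Days" lines that reports which calendar days in a range have no entry. The sample lines are copied from the quoted excerpt; the function names are hypothetical, and only the `C` (created) line format shown on this page is handled.

```python
import re
from datetime import date, datetime, timedelta

# Sample input: lines copied from the OTL excerpt quoted in the post above.
SAMPLE = r"""
[2010.02.02 19:34:00 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Heiner\Desktop\OTL.exe
[2010.02.02 19:19:03 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2010.02.02 12:53:20 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.02.01 23:14:33 | 061,379,912 | ---- | C] (Avira GmbH) -- C:\Users\Heiner\Desktop\rescue_system-common-en.exe
[2010.01.29 22:12:00 | 000,000,000 | ---D | C] -- C:\Users\Heiner\Desktop\Selig - Und endlich Unendlich
[2010.01.29 14:59:41 | 000,000,000 | ---D | C] -- C:\Users\Heiner\AppData\Roaming\InstallShield
"""

# [timestamp | size | attributes | C] (optional company name) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| C\]"
    r"(?: \((?P<vendor>.*?)\))? -- (?P<path>.+)$"
)

def parse_created(text):
    """Return one dict per 'created' line; lines in another format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "vendor": (m["vendor"] or "").strip() or None,
            "path": m["path"],
        })
    return entries

def days_without_entries(entries, start, end):
    """List every day from start to end (inclusive) with no created entry."""
    seen = {e["created"].date() for e in entries}
    span = (start + timedelta(days=n) for n in range((end - start).days + 1))
    return [d for d in span if d not in seen]

if __name__ == "__main__":
    entries = parse_created(SAMPLE)
    for d in days_without_entries(entries, date(2010, 1, 29), date(2010, 2, 2)):
        print("no created entries on", d.isoformat())
```

A day without entries only means the log lists no surviving file or folder with that creation date; it does not say why.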

Alt 04.02.2010, 12:22   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

C:\Windows\GVTDrv64.sys

That is the only one that caught my eye; please have it analysed at Virustotal.com and post the link to the results.
Is the computer actually behaving completely normally again?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 04.02.2010, 12:28   #13
spiezzer
 

Will do.
Yes, it behaved normally, only AntiVir no longer worked. I uninstalled it and installed Avast; no further problems followed.
Kind regards

Alt 04.02.2010, 12:41   #14
spiezzer
 

The file has already been analysed:
MD5: 8126331fbd4ed29eb3b356f9c905064d
First received: 2009.06.13 07:40:43 UTC
Date 2010.01.14 15:17:06 UTC [>20D]
Results 0/41
Permalink: analisis/a58bce904591dd762410e99960fd956fb579c2ce78fa7bf1406075d29537ef82-1263482226

Quote:
further information (from the permalink)
File size: 30528 bytes
MD5 : 8126331fbd4ed29eb3b356f9c905064d
SHA1 : a7558e7e35e95ed1ca645a52cbbf656711f00ad5
SHA256: a58bce904591dd762410e99960fd956fb579c2ce78fa7bf1406075d29537ef82
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5460
timedatestamp.....: 0x44FD22CA (Tue Sep 5 09:10:02 2006)
machinetype.......: 0x8664 ()

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4554 0x4600 6.33 e0fd87d7ffb84ae0580a2ac7725658eb
.rdata 0x6000 0x598 0x600 4.44 97a7d559217692352bfea60b228e6b4f
.data 0x7000 0x148 0x200 0.02 9475a59226943a3ad422e18169989f66
.pdata 0x8000 0x450 0x600 3.26 24288fe49ab91aebc6675396e35701bd
INIT 0x9000 0x2B6 0x400 3.46 a2f58b9cadfa1adb10c7e5af299a6f90

( 1 imports )

> ntoskrnl.exe: IoDeleteDevice, IoCreateSymbolicLink, RtlZeroMemory, IoCreateDevice, RtlInitUnicodeString, IoDeleteSymbolicLink, MmMapIoSpace, strncmp, KeInitializeDpc, KeInitializeTimer, KeCancelTimer, KeSetTimer, MmAllocateNonCachedMemory, DbgPrint, ExReleaseFastMutex, ExAcquireFastMutex, MmUnmapIoSpace, MmFreeNonCachedMemory, KfRaiseIrql, KeGetCurrentIrql, IofCompleteRequest, KeInitializeEvent, MmLockPagableDataSection

( 0 exports )
TrID : File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: -
PEiD : -
RDS : NSRL Reference Data Set
-
Oh my God. Can't they make that any simpler?

Edited by spiezzer (04.02.2010 at 12:43) Reason: added further information

Alt 04.02.2010, 13:00   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The file is OK. If there are no more problems, you are discharged for now.
