
Antivirus, firewall and other protection programs: To delete or not to delete, that is the question

13.05.2010, 10:14   #1
Jogi
 
Hi there,

my Kaspersky reported a Trojan.Generic today during the installation of Google Earth, which I then immediately moved to quarantine. My question now is: should I rather leave it in quarantine or delete it via Kaspersky?


Thanks & regards,

Jogi

14.05.2010, 10:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

That can't be said as it stands; please post the complete Kaspersky message or the log file.

14.05.2010, 19:59   #3
Jogi
 
I can't find a log file^^ I just copied out what was displayed there:

gefunden: potentiell gefährliche Software Trojan.generic Prozess: C:\USERS\HOME\APPDATA\LOCAL\TEMP\GUM8A0A.TMP\GOOGLEUPDATE.EXE

Verdächtig: potentiell gefährliche Software Trojan.generic C:\USERS\HOME\APPDATA\LOCAL\TEMP\GUM8A0A.TMP\GOOGLEUPDATE.EXE 133,0 KB 13.05.2010 10:57:46

14.05.2010, 20:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

15.05.2010, 07:03   #5
Jogi
 
What it finds here is not what Kaspersky moved to quarantine. Besides, the file named in the log (Unwise.exe - packer.morphine) has never caused any problems, even though I've had it on the computer for years.

Here is the log file from Malwarebytes:

Laufzeit: 1 Stunde(n), 10 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
K:\Steinberg\VSTPlugins\Jump EQ\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.



I also had the file checked on VirusTotal again, to be on the safe side:

Datei UNWISE.EXE empfangen 2010.05.15 05:48:49 (UTC)
Status: Beendet
Ergebnis: 4/41 (9.76%)




Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.15.00 2010.05.14 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.14 -
Avast 4.8.1351.0 2010.05.14 -
Avast5 5.0.332.0 2010.05.14 -
AVG 9.0.0.787 2010.05.14 -
BitDefender 7.2 2010.05.15 -
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.15 -
Comodo 4844 2010.05.15 -
DrWeb 5.0.2.03300 2010.05.15 -
eSafe 7.0.17.0 2010.05.13 Win32.PCKDumped
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.14 -
F-Secure 9.0.15370.0 2010.05.14 -
Fortinet 4.1.133.0 2010.05.14 -
GData 21 2010.05.15 -
Ikarus T3.1.1.84.0 2010.05.14 -
Jiangmin 13.0.900 2010.05.14 -
Kaspersky 7.0.0.125 2010.05.15 -
McAfee 5.400.0.1158 2010.05.15 -
McAfee-GW-Edition 2010.1 2010.05.15 Artemis!F586833209D1
Microsoft 1.5703 2010.05.14 -
NOD32 5115 2010.05.14 -
Norman 6.04.12 2010.05.14 W32/Smalltroj.WSXQ
nProtect 2010-05-14.01 2010.05.14 -
Panda 10.0.2.7 2010.05.14 -
PCTools 7.0.3.5 2010.05.15 -
Prevx 3.0 2010.05.15 -
Rising 22.47.04.03 2010.05.14 -
Sophos 4.53.0 2010.05.15 -
Sunbelt 6304 2010.05.15 -
Symantec 20101.1.0.89 2010.05.15 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.15 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2317 2010.05.15 -
VirusBuster 5.0.27.0 2010.05.14 -
weitere Informationen
File size: 339944 bytes
MD5...: f586833209d129d8ae62bd1fe63588c3
SHA1..: 4ad406d60308265065b317477a8d362d9d1c0407
SHA256: aff1df4e3e3004885a9c7beff4a8c4c0b527c895e186ea61f93fcc5c9c5593e2
ssdeep: 3072:nOqIJ3IVdYUiA7+Yo9gWuhQl87dQM+SyaCkNPPmhmNKyWZQMAoQBHAU6B6:
nnIhIXd+aWkQ+7dNtCMWnyY5QKJ6
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd841
timedatestamp.....: 0x3d2314d6 (Wed Jul 03 15:14:30 2002)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x11000 0x103b5 6.38 36f0db5917a0babf8ba5ddc1382ae729
.rdata 0x12000 0x2000 0x1f15 5.72 7850c438632985cfd2c33593e4d27ba6
.data 0x14000 0x5000 0x35f8 2.57 061eb982f6d4e5bae500c9c4374c68e2
.rsrc 0x19000 0x3cbd0 0x3cc00 6.46 9106930bb11e10bea374a4ccff04ea01
code1.bi 0x56000 0x1000 0x3e8 4.75 f7eb56708e22f6b63dc4eb96947ca152

( 7 imports )
> KERNEL32.dll: SetFileAttributesA, FindFirstFileA, FindNextFileA, FindClose, WaitForSingleObject, MoveFileExA, GetVersionExA, CreateDirectoryA, LocalFree, FormatMessageA, GetLastError, SizeofResource, CreateProcessA, RemoveDirectoryA, GetFileAttributesA, GetPrivateProfileIntA, SetErrorMode, GlobalAlloc, GlobalLock, DeleteFileA, FreeResource, WinExec, lstrcatA, LoadLibraryA, GetProcAddress, FreeLibrary, GetWindowsDirectoryA, GlobalUnlock, GlobalFree, OpenFile, lstrcpynA, WritePrivateProfileStringA, MultiByteToWideChar, _lcreat, _lwrite, FileTimeToDosDateTime, GetFileTime, FileTimeToLocalFileTime, GetSystemDirectoryA, _lread, GetDriveTypeA, lstrcmpA, _lopen, _llseek, MulDiv, lstrcmpiA, _lclose, lstrcpyA, GetModuleFileNameA, lstrlenA, CopyFileA, GetTempPathA, GetTempFileNameA, LoadResource, FindResourceA, LockResource, GetPrivateProfileStringA, GetLocalTime, FreeEnvironmentStringsA, HeapReAlloc, UnhandledExceptionFilter, FreeEnvironmentStringsW, VirtualFree, ExitProcess, HeapCreate, HeapDestroy, GetEnvironmentVariableA, ReadFile, SetFilePointer, WriteFile, GetStdHandle, SetHandleCount, SetStdHandle, LCMapStringW, LCMapStringA, WideCharToMultiByte, GetStringTypeW, GetStringTypeA, GetCurrentProcess, TerminateProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, HeapFree, HeapAlloc, MoveFileA, CreateFileA, GetFileType, SetEndOfFile, CloseHandle, GetFullPathNameA, SetCurrentDirectoryA, GetCurrentDirectoryA, SetEnvironmentVariableA, GetEnvironmentStrings, GetEnvironmentStringsW, RtlUnwind, GetCPInfo, VirtualAlloc, GetACP, GetOEMCP
> USER32.dll: LoadBitmapA, UpdateWindow, RegisterClassA, SetWindowTextA, wsprintfA, MessageBoxA, GetSysColor, CreateWindowExA, DispatchMessageA, ShowWindow, LoadIconA, KillTimer, DestroyWindow, GetMessageA, ExitWindowsEx, LoadCursorA, SetCursor, EnableWindow, IsWindowVisible, CreateDialogParamA, IsDialogMessageA, PostMessageA, EndPaint, PostQuitMessage, GetClientRect, BeginPaint, ReleaseDC, InvalidateRect, GetDC, DefWindowProcA, MoveWindow, GetWindowRect, SetDlgItemTextA, EndDialog, GetDlgItemTextA, SetRect, ScreenToClient, GetWindowTextA, SendMessageA, SendDlgItemMessageA, GetDlgItem, SetFocus, OemToCharA, DialogBoxParamA, DrawEdge, CharNextA, GetDialogBaseUnits, FillRect, DrawIcon, LoadStringA, GetParent, EnumChildWindows, FindWindowA, DdeCreateDataHandle, DdeInitializeA, DdeCreateStringHandleA, DdeClientTransaction, DdeGetData, TranslateMessage, SetTimer, DdeUninitialize, PeekMessageA, DdeDisconnect, DdeFreeDataHandle, DdeConnect
> GDI32.dll: CreateBrushIndirect, TextOutA, SetTextColor, GetTextExtentPointA, CreateFontA, GetDeviceCaps, SetBkMode, BitBlt, GetObjectA, DeleteDC, PatBlt, CreateSolidBrush, CreateCompatibleDC, RealizePalette, SelectPalette, SelectObject, MoveToEx, CreatePen, LineTo, SetBkColor, StretchBlt, ExtTextOutA, CreateCompatibleBitmap, CreateFontIndirectA, GetStockObject, DeleteObject
> comdlg32.dll: GetOpenFileNameA
> ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegDeleteValueA, RegQueryValueExA, RegEnumValueA, RegOpenKeyExA, CloseServiceHandle, OpenSCManagerA, RegSetValueA, RegCreateKeyExA, RegDeleteKeyA, RegEnumKeyExA, RegEnumKeyA, RegOpenKeyA, DeleteService, ControlService, OpenServiceA
> SHELL32.dll: ShellExecuteA
> ole32.dll: CoUninitialize, CoCreateInstance, CoInitialize

( 5 exports )
_ItemDlg@16, _MainWndProc@16, _ProgressDlg@16, _PromptDlg@16, _SharedDlg@16
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


I will now run the OTL scan as well and post it afterwards. But as I said, the file that Malwarebytes found here is not actually the file I created this thread for^^ What should I do with this file from the log now, while we're at it?^^ If I click "Entferne Auswahl" (Remove Selected) now, is the file then broken or gone, or only the trojan? Or can I ignore the finding completely?


Edited by Jogi (15.05.2010 at 07:31)

15.05.2010, 13:20   #6
Jogi
 
Here is the OTL file as well:

Code:
OTL logfile created on: 15.05.2010 13:24:30 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 44,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 30,93 Gb Free Space | 31,67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 195,31 Gb Total Space | 102,97 Gb Free Space | 52,72% Space Free | Partition Type: NTFS
Drive J: | 172,79 Gb Total Space | 109,68 Gb Free Space | 63,48% Space Free | Partition Type: NTFS
Drive K: | 232,88 Gb Total Space | 102,40 Gb Free Space | 43,97% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC
Current User Name: Home
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - I:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\ieconfig_1und1_svc.exe ()
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\SysWOW64\DeltaIITray.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\1&1\StCenter.EXE (AVM Berlin)
PRC - C:\Program Files (x86)\1&1\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files (x86)\1&1\FwebProt.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Razer Diamondback\razerhid.exe ()
PRC - C:\Programme\Razer Diamondback\razertra.exe ()
PRC - C:\Programme\Razer Diamondback\razerofa.exe (Razer Inc.)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\scrchpg.dll (Kaspersky Lab)
MOD - C:\PROGRA~2\KASPER~1\KASPER~1\r3hook.dll (Kaspersky Lab)
MOD - C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll (Kaspersky Lab)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (serviceIEConfig) -- C:\Windows\SysWOW64\ieconfig_1und1_svc.exe ()
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab)
SRV - (IGDCTRL) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE (AVM Berlin)
SRV - (TryAndDecideService) -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (hypaudio) -- C:\Windows\SysNative\DRIVERS\hypaudio64.sys (Universal Audio, Inc.)
DRV:64bit: - (hypkern) -- C:\Windows\SysNative\drivers\hypkern64.sys ()
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab)
DRV:64bit: - (DELTAII) Service for M-Audio Delta Driver (WDM) -- C:\Windows\SysNative\DRIVERS\deltaII.sys (Avid Technology, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (timounter) -- C:\Windows\SysNative\DRIVERS\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\DRIVERS\snapman.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\DRIVERS\tdrpman.sys (Acronis)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab)
DRV:64bit: - (SynUSB64) -- C:\Windows\SysNative\DRIVERS\SynUSB64.sys (SIA Syncrosoft)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.connect.de/connect-Forum/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.teamquitter.com/phpBB2/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.co2air.de/wbb2/index.php?sid=f33f3891c9bcacdfc88dbeedac12b151"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.1
FF - prefs.js..extensions.enabledItems: {c666c018-6409-4479-afa3-68e4129e7eff}:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.06 07:37:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.04 15:42:31 | 000,000,000 | ---D | M]
 
[2010.03.12 10:19:20 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2010.05.14 16:58:20 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\b92n8mu2.default\extensions
[2010.04.27 22:40:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\b92n8mu2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.04 15:43:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\b92n8mu2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.21 14:27:55 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\b92n8mu2.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010.04.25 09:56:59 | 000,000,000 | ---D | M] (Leo Search) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\b92n8mu2.default\extensions\{c666c018-6409-4479-afa3-68e4129e7eff}
[2010.04.14 07:24:09 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\b92n8mu2.default\extensions\personas@christopher.beard
[2010.05.12 11:26:10 | 000,000,807 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Mozilla\FireFox\Profiles\b92n8mu2.default\searchplugins\co2airde.xml
[2010.05.09 17:26:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.04 15:42:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWOW64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [DeltaIITaskbarApp] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\DeltaIITray.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Diamondback] C:\Programme\Razer Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] I:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL Protect.lnk = C:\Program Files (x86)\1&1\FwebProt.exe (AVM Berlin)
O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = C:\Users\Home\AppData\Local\Temp\is-9OJPF.tmp\ATR1.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\x64\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\1&1\\sarah.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\1&1\sarah.dll (AVM Berlin)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\1&1\sarah.dll (AVM Berlin)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\1&1\sarah.dll (AVM Berlin)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\1&1\sarah.dll (AVM Berlin)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\1&1\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: guildwars.com ([wiki] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: schlecker.com ([www1] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: wirmobil.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: xfire.com ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\adialhk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\adialhk.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\r3hook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\r3hook.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\r3hook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\r3hook.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26edb420-057a-11dd-b36b-001d7dd10729}\Shell - "" = AutoRun
O33 - MountPoints2\{26edb420-057a-11dd-b36b-001d7dd10729}\Shell\AutoRun\command - "" = K:\pushinst.exe -- File not found
O33 - MountPoints2\{f337fd31-a68d-11dd-8a56-001d7dd10729}\Shell - "" = AutoRun
O33 - MountPoints2\{f337fd31-a68d-11dd-8a56-001d7dd10729}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.14 22:41:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2010.05.14 22:41:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.14 22:41:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.14 22:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.14 22:35:49 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010.05.13 10:57:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Google
[2010.05.09 17:35:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\OpenOffice.org
[2010.05.09 17:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2010.05.09 17:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2010.05.09 17:26:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.05.09 17:26:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.05.09 17:26:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.05.06 13:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.05.06 12:54:34 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\EasyInfo
[2010.05.04 15:42:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.05.01 22:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.05.01 22:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.05.01 22:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2010.05.01 20:15:10 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\SecurDisc Key Data
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.15 13:26:37 | 940,412,988 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat
[2010.05.15 13:25:04 | 003,670,016 | -HS- | M] () -- C:\Users\Home\ntuser.dat
[2010.05.15 11:43:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.15 11:43:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.15 08:50:11 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.05.15 08:50:11 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.14 22:41:52 | 000,000,610 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.14 22:35:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2010.05.14 21:55:17 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EA41D24E-6A00-4B7B-9D5D-2F9623E8719F}.job
[2010.05.14 17:51:19 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.05.14 07:43:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.14 07:43:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.13 23:10:32 | 016,762,556 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx
[2010.05.13 23:10:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.13 23:10:04 | 000,524,288 | -HS- | M] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TMContainer00000000000000000001.regtrans-ms
[2010.05.13 23:10:04 | 000,065,536 | -HS- | M] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TM.blf
[2010.05.13 23:09:57 | 005,328,572 | -H-- | M] () -- C:\Users\Home\AppData\Local\IconCache.db
[2010.05.13 07:03:50 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.13 07:03:50 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.13 07:03:50 | 000,586,802 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.13 07:03:50 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.13 07:03:50 | 000,100,874 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.11 17:51:09 | 618,237,396 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.09 20:55:27 | 000,107,304 | ---- | M] () -- C:\Users\Home\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.09 20:53:33 | 000,407,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.09 17:46:45 | 000,001,061 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Writer.lnk
[2010.05.09 17:46:35 | 000,000,961 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Math.lnk
[2010.05.09 17:46:27 | 000,001,067 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Impress.lnk
[2010.05.09 17:46:14 | 000,001,023 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Draw.lnk
[2010.05.09 17:46:07 | 000,001,025 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Calc.lnk
[2010.05.09 17:45:53 | 000,000,987 | ---- | M] () -- C:\Users\Home\Desktop\OpenOffice.org Base.lnk
[2010.05.06 13:23:30 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.05.06 12:59:14 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk
[2010.05.05 09:56:18 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.05.05 09:56:18 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.05.01 22:06:55 | 000,002,603 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2010.05.01 22:06:55 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Nero Online-Upgrade.lnk
[2010.05.01 21:47:18 | 000,524,288 | -HS- | M] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TMContainer00000000000000000002.regtrans-ms
[2010.05.01 21:15:15 | 000,524,288 | -HS- | M] () -- C:\Users\Home\ntuser.dat{ab5a5d1a-222e-11dd-b013-001d7dd10729}.TMContainer00000000000000000001.regtrans-ms
[2010.05.01 21:15:15 | 000,065,536 | -HS- | M] () -- C:\Users\Home\ntuser.dat{ab5a5d1a-222e-11dd-b013-001d7dd10729}.TM.blf
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.16 22:26:30 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.04.16 22:26:30 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
 
========== Files Created - No Company Name ==========
 
[2010.05.14 22:41:52 | 000,000,610 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.11 17:51:09 | 618,237,396 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.05.09 17:46:45 | 000,001,061 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Writer.lnk
[2010.05.09 17:46:35 | 000,000,961 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Math.lnk
[2010.05.09 17:46:27 | 000,001,067 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Impress.lnk
[2010.05.09 17:46:14 | 000,001,023 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Draw.lnk
[2010.05.09 17:46:07 | 000,001,025 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Calc.lnk
[2010.05.09 17:45:53 | 000,000,987 | ---- | C] () -- C:\Users\Home\Desktop\OpenOffice.org Base.lnk
[2010.05.09 17:26:52 | 000,427,554 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI6972.txt
[2010.05.09 17:26:46 | 000,011,366 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI6972.txt
[2010.05.06 13:23:30 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.05.06 12:59:14 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk
[2010.05.01 22:06:55 | 000,002,603 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2010.05.01 22:06:55 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Nero Online-Upgrade.lnk
[2010.05.01 21:20:10 | 000,524,288 | -HS- | C] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TMContainer00000000000000000002.regtrans-ms
[2010.05.01 21:20:10 | 000,524,288 | -HS- | C] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TMContainer00000000000000000001.regtrans-ms
[2010.05.01 21:20:10 | 000,065,536 | -HS- | C] () -- C:\Users\Home\ntuser.dat{5260d809-5554-11df-9b99-001d7dd10729}.TM.blf
[2010.04.16 22:26:30 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.04.16 22:26:30 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2009.08.23 08:43:50 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.17 08:10:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.17 08:09:16 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008.09.16 02:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008.09.16 02:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.05.04 20:32:33 | 000,000,258 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2008.04.07 11:50:02 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
< End of report >
         

15.05.2010, 13:24   #7
Jogi
 

Here are the OTL "Extras":

Code:
OTL Extras logfile created on: 15.05.2010 13:24:30 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\Home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 44,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 30,93 Gb Free Space | 31,67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 195,31 Gb Total Space | 102,97 Gb Free Space | 52,72% Space Free | Partition Type: NTFS
Drive J: | 172,79 Gb Total Space | 109,68 Gb Free Space | 63,48% Space Free | Partition Type: NTFS
Drive K: | 232,88 Gb Total Space | 102,40 Gb Free Space | 43,97% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC
Current User Name: Home
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = DE 56 D9 67 AA 06 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B3588E-340F-4469-BCB3-8B93207E48F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0806C82A-D4B9-4E48-BE95-F1B0A931DF58}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{08AC1DD6-D3A7-46D3-8924-1282EFF86248}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0FF9FB8B-1C24-449F-8D65-0AD2E11B4405}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2764E27B-C759-48A7-B69D-24F16EF3EC12}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2A0C46BE-BB5B-4837-951D-7938FDA786E6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{407D38A5-C115-47F3-BA9B-DB781874597B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{41028A36-95B7-4F26-B7A3-447EAB820792}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4B0C4134-2D56-44E7-990D-FA60777E6C4D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4E3D64B1-90F5-447A-AB6D-EA53BC580332}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4E61AFC1-CBEB-4B27-8A2C-736897B9C6D2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4FDE4FA1-081C-4BC1-985B-A7CB9006264A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{57D18CBF-1EB0-4D09-95EB-636252759FE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88C5BA6D-7142-4743-AECF-EDE095F2EF9C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8C04EA1B-5A65-4AD4-94AB-2D497E5D9233}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8F3F8DCF-C382-453A-9412-1DD6D23FCDA5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A48648E3-472E-4B63-8C3A-57B1C12C8FAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A4B0349F-6ED6-4C4E-BFF2-5DB68B02A0C6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C0F717DB-E156-45BB-B7DD-CDC633C7B231}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CAB7592D-C0D2-4E39-A1DD-278CFF3396BE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D55AE464-F864-41FF-ACF8-DE0E49DD3966}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D8CFD0E7-261B-4DA7-BD0C-07812C6C86DC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E8D2D3D0-B633-472A-94F6-180A7B44CF4E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EABAACF3-2FAE-4E0A-8E8F-1781918C6CFE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EBAB2FE5-B333-4DDE-BF7A-D006AF2CC7F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EFF4979E-D937-48F7-A378-CF0B401AE211}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F040700D-644E-49DC-8CA9-E822DE0BB8FF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F217562C-9E32-40BD-A8E6-3578714963DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC937D6E-C481-4E7B-B79E-566C21C78788}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FDB10B9C-D9A6-4CAF-A877-EC4DC9ED04C0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EF869A-8AB4-4F6E-92AF-7014BC4A437E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0AA363D0-1814-4ABC-A30A-87567C629A7F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{0B001C89-DA3E-4200-8879-0993D70ED1EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B707E09-511F-4A1E-BDE0-48F9612A7920}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DD2FC91-FAA9-488D-966D-9C40BCE5ED2B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0E43DDC5-EAC3-41CA-BAA7-094CA1303E6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{15353E6A-3FCC-4BC6-B4F5-2EB542CE7AFF}" = protocol=17 | dir=in | app=i:\games\avatar\bin\avatardemo.exe | 
"{1BCDD61D-CA58-4BBE-9364-148612BA4D8F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1BEE8337-E7E8-4A1E-8281-B10C0770A7D1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{1E1DD505-D716-4EF6-8A98-C23CD153C313}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1F55FF6D-2F57-4423-8FD1-1CAEF5C35E15}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2C34A0EF-52CB-4227-B66B-5B7A0ADE513E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{31BC78D1-67AD-4051-9723-D4B15EFC20DF}" = protocol=6 | dir=in | app=i:\programme\ventrilo\ventrilo.exe | 
"{3213C264-9A47-4D86-AA24-51EC8DF83D80}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{339B8A8A-93CB-4064-AAFC-74916364D7ED}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{35C853B8-471A-4B09-9F7B-BF2BBEB659A3}" = protocol=17 | dir=in | app=i:\programme\ventrilo\ventrilo.exe | 
"{36387850-2850-4680-BD2D-55DB1BD43230}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{3ECFC352-0D52-4416-8B08-2A5D03A8D1FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{431AEE70-52F3-48BA-BFD9-8D2AEF74C3D7}" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\igdctrl.exe | 
"{435BE2A1-9ACA-4EF0-BBC2-F6DBB35A2CB9}" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\webwaigd.exe | 
"{4884E15D-4D72-434A-AEDD-351AA2074009}" = protocol=6 | dir=in | app=i:\games\battlefield 2\bf2.exe | 
"{4A749EC9-FD97-4CA2-A448-109C5FB3D7A5}" = protocol=17 | dir=in | app=i:\games\battlefield 2\bf2.exe | 
"{57B590E7-C71A-4D08-B0F6-C40134EDD66A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A75033E-D029-426E-84F3-E0966D6F6BB8}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{5E6B104A-E539-4A01-8B5F-08525BC45BC9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6B51ECA9-A9AB-4D7C-8E08-0CC20DDD7813}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{6DF6715B-C7EF-4665-A501-0CD21556A263}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\igd_finder.exe | 
"{7277B165-8C89-46D1-BDAC-FA398B412B4D}" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\igdctrl.exe | 
"{73449233-0018-428D-9CE2-CDC9734672F7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{745E4314-1A88-4289-83E6-F1AC2FCE03B6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{76A188FC-B9C5-4A3D-943C-DA654D14F018}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{823E3077-7DD0-48FF-B0EB-DC9483CE2920}" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\webwaigd.exe | 
"{85A4DBB7-17E6-4BB9-AF8B-9D24208E6F1B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8CA7A660-CDBE-4F3B-8AF2-6DE6B18DD507}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8E09D3F9-85CD-4764-A976-3D4C86C12574}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{8E8B3FF3-F9B6-4AB8-B56E-332C96458B7D}" = protocol=6 | dir=out | app=system | 
"{90924F87-7944-4BF5-ACDE-45F1A7A56DFF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{90FDBDDF-44F6-438A-A399-13F5ED4C4297}" = protocol=6 | dir=in | app=c:\program files (x86)\1&1\fboxupd.exe | 
"{94B3CD01-7C86-4F32-AEC5-8A27C8988BA3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{98977B07-B596-407F-8B17-6DD4D88231D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{99A84687-09F2-4D37-8AE2-A2A2C2C49F6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A196B9F8-76A9-4E18-A4FD-A7DBA21AAB18}" = protocol=6 | dir=in | app=i:\games\avatar\bin\avatardemo.exe | 
"{A2926A33-E0EE-40AA-9F23-0C58AD4FDF07}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A427D5F8-F0A9-44A4-B8B7-CCFE0A57D091}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A4F8D2ED-EDDF-46FA-B150-A7E30A64CA48}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A8D8F84A-F2ED-4E43-8531-1123B8F979F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B15FEA30-E3CA-4FC2-9CAB-86E023FC75CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C8C60CA4-3B74-4BB3-9603-9DBAD245930F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C9AAFC9F-6385-4C8B-8959-8EF1C4264CC4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{CDF60AE2-5277-4372-A858-BF5D7CA1F1F2}" = protocol=17 | dir=in | app=c:\program files (x86)\1&1\fboxupd.exe | 
"{D1C6F22C-E257-4C14-8DB9-5A648FE8F31D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DC4D3842-F707-4865-982A-A86E32460403}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DD576A09-1C9E-45D3-9207-E813ACEFB370}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E35A4824-9E20-4E31-B9B3-B4D50B36161E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E565E109-289C-48DF-9D17-77DAFC4201D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E9D70615-2471-4B14-92B6-A0ADEA9A0C2E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{EA610BCB-C447-4A2E-B39C-DA19BA91CBA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB8FD1E8-7417-48C5-A9D9-7D2FBE307BBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F892800E-BA95-4568-89D3-330692834B49}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{0A74DD8C-1B32-48B8-B3A8-C8EF32E044C1}C:\users\home\appdata\local\temp\_istmp3.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp3.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{0ADF1526-A0D8-4C8F-A703-A454740E199D}I:\games\quake4.exe" = protocol=6 | dir=in | app=i:\games\quake4.exe | 
"TCP Query User{0CAD2C43-0324-4CCA-ABDE-363D24FDFE5F}I:\games\steam\steamapps\warpath_psy\day of defeat\hl.exe" = protocol=6 | dir=in | app=i:\games\steam\steamapps\warpath_psy\day of defeat\hl.exe | 
"TCP Query User{0F783241-1F15-4064-96BB-2EEA21159199}K:\steinberg\cubase 5\cubase5.exe" = protocol=6 | dir=in | app=k:\steinberg\cubase 5\cubase5.exe | 
"TCP Query User{12B6B954-F0BE-491B-AEED-EC718E0E560D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{1F8A86B2-0FB2-4F37-A492-0FEAE6A8A28D}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{2923D5B5-D947-4303-BDB7-8F159F508D3F}C:\users\home\appdata\local\temp\_istmp5.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp5.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{2A8294BF-406A-4297-99DD-91FC4AD98410}C:\users\home\appdata\local\temp\_istmp4.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp4.dir\_ins5576._mp | 
"TCP Query User{2ACFA2B4-EA35-4563-9DB5-EADA21A4001D}I:\programme\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=i:\programme\ws_ftp\ws_ftp95.exe | 
"TCP Query User{2F8E43AD-FC7F-44DC-A754-8BFBAF4DC86C}C:\users\home\appdata\local\temp\_istmp6.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp6.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{34ACBFE7-664D-4D26-9C34-9E3779E06D04}I:\programme\icq6.5\icq.exe" = protocol=6 | dir=in | app=i:\programme\icq6.5\icq.exe | 
"TCP Query User{35105FB0-C28B-4614-B201-58E8750EBFF2}C:\users\home\appdata\local\temp\_istmp3.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp3.dir\_ins5576._mp | 
"TCP Query User{469E6AE9-3F27-4D68-ACBA-97918174B9AE}I:\programme\icq6\icq.exe" = protocol=6 | dir=in | app=i:\programme\icq6\icq.exe | 
"TCP Query User{4B46C1F6-7B51-496C-A99E-35B3A8B2F171}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{570B4541-FD19-4AB1-84FB-D207BBD4AF9A}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{5806DCC2-7013-40E2-AD8B-565D58C818A4}I:\games\steam\steamapps\warpath_psy\half-life\hl.exe" = protocol=6 | dir=in | app=i:\games\steam\steamapps\warpath_psy\half-life\hl.exe | 
"TCP Query User{59255B83-2D38-431F-A5B5-149F604DE838}I:\games\steam\steamapps\warpath_psy\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=i:\games\steam\steamapps\warpath_psy\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{681509FD-5521-4257-B911-36DFB4DDD6A7}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{6988FC1C-4803-4009-9C1B-8269D16C1CC6}C:\users\home\appdata\local\temp\_istmp2.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp2.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{727D3BC9-6F05-4A9A-A9DD-966C5B1F09F3}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{77845C5A-4BBB-423F-806E-4AB3459A195B}C:\program files (x86)\fritz!\friver32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\friver32.exe | 
"TCP Query User{7A01C26E-42A2-4B9E-853C-15D4C85CB411}I:\games\steam\steamapps\warpath_psy\day of defeat\hl.exe" = protocol=6 | dir=in | app=i:\games\steam\steamapps\warpath_psy\day of defeat\hl.exe | 
"TCP Query User{825527DF-C4BF-41FE-8E73-508BE5B63E5C}C:\users\home\appdata\local\temp\_istmp7.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp7.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{8611C926-9677-4393-AA20-3F8F7EF5A4CB}I:\games\xfire\xfire.exe" = protocol=6 | dir=in | app=i:\games\xfire\xfire.exe | 
"TCP Query User{8B4BDCE1-E3B5-447F-B948-A1012298FF32}I:\games\diablo ii\game.exe" = protocol=6 | dir=in | app=i:\games\diablo ii\game.exe | 
"TCP Query User{8CB1C122-1974-4E33-91E2-7152D87C2CA6}C:\program files (x86)\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"TCP Query User{8D2AA6DB-67F3-4334-B720-E2ACDAC78705}C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"TCP Query User{8DEAE751-934C-4EA1-9653-A0D5C6EE8840}C:\users\home\appdata\local\temp\_istmp4.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp4.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{B06C44F5-8253-4F33-915F-A6CB3A964E03}K:\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=6 | dir=in | app=k:\steinberg\cubase 5\components\vstbridgeapp.exe | 
"TCP Query User{BD76F527-4B9C-43E5-8545-B0E44BCE1D23}C:\program files (x86)\gmx\gmx multimessenger\messengr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gmx\gmx multimessenger\messengr.exe | 
"TCP Query User{C29F268A-5FC9-4FDD-A1A0-85E1944CA8DA}C:\users\home\appdata\local\temp\_istmp2.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp2.dir\_ins5576._mp | 
"TCP Query User{D0E3633E-A742-4FF6-8077-D9EAC051AFDA}C:\users\home\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{DA4529C0-EF60-4EFC-81C9-33FC5E3A9442}I:\games\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=6 | dir=in | app=i:\games\downloader_diablo2_lord_of_destruction_dede.exe | 
"TCP Query User{DEF6F943-BFFF-4722-AB78-2C4666C52EC8}I:\games\diablo ii\game.exe" = protocol=6 | dir=in | app=i:\games\diablo ii\game.exe | 
"TCP Query User{EE09515F-28F2-4EA3-8995-7B8937AF341A}C:\users\home\appdata\local\temp\_istmp7.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp7.dir\_ins5576._mp | 
"TCP Query User{F082B608-F4A7-4A30-A413-1A7BAAEB100D}C:\users\home\appdata\local\temp\_istmp5.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp5.dir\_ins5576._mp | 
"TCP Query User{F42EBE31-53C2-433D-B2FD-13B1DD81AD42}I:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=i:\games\warcraft iii\war3.exe | 
"TCP Query User{F894A2ED-56B3-4357-8C61-8AF2C79405CD}I:\games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=i:\games\battlefield 2\bf2.exe | 
"TCP Query User{F8CA00CD-7DFD-4A5D-B07E-EAA31A1F1B9F}C:\users\home\appdata\local\temp\_istmp6.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\_istmp6.dir\_ins5576._mp | 
"TCP Query User{FAECF3E2-4DAF-40AC-B71C-3E998B410FFD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{FBD57605-EF8B-4B0A-8A96-27BC15110815}I:\games\xfire\xfire.exe" = protocol=6 | dir=in | app=i:\games\xfire\xfire.exe | 
"TCP Query User{FD26AFF3-2ADE-4F89-9630-8D85691C7CD6}I:\games\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=i:\games\heroes of newerth\hon.exe | 
"TCP Query User{FD8AA67E-B9F7-48E1-BBB6-2D4A19F89910}I:\games\steam\steamapps\warpath_psy\half-life blue shift\hl.exe" = protocol=6 | dir=in | app=i:\games\steam\steamapps\warpath_psy\half-life blue shift\hl.exe | 
"TCP Query User{FF2EA000-C0C1-461D-B93D-79BA7A63882F}I:\games\downloader_diablo2_dede.exe" = protocol=6 | dir=in | app=i:\games\downloader_diablo2_dede.exe | 
"UDP Query User{02712FDB-2BBD-49DD-AB86-5D48B3B44D61}C:\users\home\appdata\local\temp\_istmp2.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp2.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{07CD5CB9-4DD4-4A01-B452-C5394AF5DE64}C:\users\home\appdata\local\temp\_istmp7.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp7.dir\_ins5576._mp | 
"UDP Query User{08E20376-9AA3-441B-8F15-3619E2B6022F}I:\games\steam\steamapps\warpath_psy\half-life\hl.exe" = protocol=17 | dir=in | app=i:\games\steam\steamapps\warpath_psy\half-life\hl.exe | 
"UDP Query User{145F848C-A366-466B-8D28-299C341F76AB}K:\steinberg\cubase 5\components\vstbridgeapp.exe" = protocol=17 | dir=in | app=k:\steinberg\cubase 5\components\vstbridgeapp.exe | 
"UDP Query User{19659E2D-87D6-44D4-A0E5-D2CD85AAD219}I:\games\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=i:\games\heroes of newerth\hon.exe | 
"UDP Query User{1D22F437-6A7F-458C-94A6-1A3E224E5B99}I:\games\xfire\xfire.exe" = protocol=17 | dir=in | app=i:\games\xfire\xfire.exe | 
"UDP Query User{250121E7-497D-4289-B59D-CD44AB8084D6}I:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=i:\games\warcraft iii\war3.exe | 
"UDP Query User{27849146-5B17-4A4D-BE48-3075B96DB278}I:\games\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=17 | dir=in | app=i:\games\downloader_diablo2_lord_of_destruction_dede.exe | 
"UDP Query User{2795A775-AC22-472C-A124-ECD4D4397A6A}I:\games\diablo ii\game.exe" = protocol=17 | dir=in | app=i:\games\diablo ii\game.exe | 
"UDP Query User{2A332ECF-C972-4813-A0F3-79AB92149922}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe | 
"UDP Query User{38044DC6-3C58-4E95-A7B3-3FDA556FCE92}C:\users\home\appdata\local\temp\_istmp6.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp6.dir\_ins5576._mp | 
"UDP Query User{413C0668-B796-430B-8390-9590877B23E6}I:\games\downloader_diablo2_dede.exe" = protocol=17 | dir=in | app=i:\games\downloader_diablo2_dede.exe | 
"UDP Query User{47270287-6C6F-4ACF-A0F0-B856C195C830}C:\program files (x86)\gmx\gmx multimessenger\messengr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gmx\gmx multimessenger\messengr.exe | 
"UDP Query User{4F860367-0C2A-4C8B-90E9-263204DB752C}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{61390E3F-11B2-4242-97C7-6EAFF9D4ADDA}C:\users\home\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{6259476B-E1BD-474E-91D2-183DB6F52496}C:\users\home\appdata\local\temp\_istmp5.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp5.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{69D6768C-6382-42B9-828D-22194A4906D5}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{6BA6C5F4-FB21-40B5-8623-E84900D94F1A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{6D4E743D-4215-4BA6-B5A5-79E35141BF7F}C:\users\home\appdata\local\temp\_istmp3.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp3.dir\_ins5576._mp | 
"UDP Query User{7CD1B51A-1580-4DB5-B261-B506E51376F6}I:\games\steam\steamapps\warpath_psy\day of defeat\hl.exe" = protocol=17 | dir=in | app=i:\games\steam\steamapps\warpath_psy\day of defeat\hl.exe | 
"UDP Query User{89D9B4CB-C89C-4308-93A8-E99021701E70}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{8FE1A088-171A-4A3F-94E0-CFC925487BE5}I:\games\xfire\xfire.exe" = protocol=17 | dir=in | app=i:\games\xfire\xfire.exe | 
"UDP Query User{92412963-4626-4476-A6EF-C8423D945D1C}C:\program files (x86)\fritz!\friver32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\friver32.exe | 
"UDP Query User{92676ACC-B628-402F-9B96-6B822D1779F2}I:\programme\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=i:\programme\ws_ftp\ws_ftp95.exe | 
"UDP Query User{93BB0996-9081-4A14-823E-BC8D2287ADCA}I:\games\steam\steamapps\warpath_psy\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=i:\games\steam\steamapps\warpath_psy\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{A59DA99B-2EB1-474E-8ABA-572AB6FBA6A5}I:\games\steam\steamapps\warpath_psy\day of defeat\hl.exe" = protocol=17 | dir=in | app=i:\games\steam\steamapps\warpath_psy\day of defeat\hl.exe | 
"UDP Query User{AD909339-1707-40D0-AB9E-8735EBAC8134}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{AF51FCB0-0945-4579-A5DF-07F2C5213E53}C:\users\home\appdata\local\temp\_istmp4.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp4.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{B24F578F-D069-4504-A684-9BB8AB825482}C:\users\home\appdata\local\temp\_istmp3.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp3.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{B42CE645-BD02-416F-8335-E6D969C82A63}C:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"UDP Query User{CD1A32C7-443D-4439-975D-2D2B3A74550E}I:\programme\icq6\icq.exe" = protocol=17 | dir=in | app=i:\programme\icq6\icq.exe | 
"UDP Query User{D54AF2B8-4F42-44C7-A9CD-F2989E1A1552}I:\games\steam\steamapps\warpath_psy\half-life blue shift\hl.exe" = protocol=17 | dir=in | app=i:\games\steam\steamapps\warpath_psy\half-life blue shift\hl.exe | 
"UDP Query User{D7ECC21F-0EDF-4532-988B-07C291E0FD75}C:\users\home\appdata\local\temp\_istmp5.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp5.dir\_ins5576._mp | 
"UDP Query User{DD8958D4-DF96-4D04-846D-8EFC1A2DE2CB}K:\steinberg\cubase 5\cubase5.exe" = protocol=17 | dir=in | app=k:\steinberg\cubase 5\cubase5.exe | 
"UDP Query User{DE0966C6-C80C-487E-89A3-A92D9F981F44}I:\games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=i:\games\battlefield 2\bf2.exe | 
"UDP Query User{DF2EE792-D1C7-453A-91E3-3C2599A79A5E}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{E6A8E70A-8D59-414C-A829-B90AFED91899}I:\games\quake4.exe" = protocol=17 | dir=in | app=i:\games\quake4.exe | 
"UDP Query User{E98A718C-7755-46DC-BCA4-2BBD386595B0}I:\programme\icq6.5\icq.exe" = protocol=17 | dir=in | app=i:\programme\icq6.5\icq.exe | 
"UDP Query User{ECB569E4-DC34-41C8-8C27-EDA934242541}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{ECCA6CC9-DB90-466C-9A01-4F4214C018B3}I:\games\diablo ii\game.exe" = protocol=17 | dir=in | app=i:\games\diablo ii\game.exe | 
"UDP Query User{F7BD6E2A-8D8E-4CBD-85F0-60E6E7A8532F}C:\users\home\appdata\local\temp\_istmp6.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp6.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{F886EF1B-0594-4BA1-833F-416D18EF136F}C:\users\home\appdata\local\temp\_istmp7.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp7.dir\_istmp0.dir\igd_finder.exe | 
"UDP Query User{FBEA4EC8-C501-4740-849D-D20BED06DDE4}C:\users\home\appdata\local\temp\_istmp2.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp2.dir\_ins5576._mp | 
"UDP Query User{FE3330D3-0EB1-4A70-8AED-6E5BF2ACC5C7}C:\users\home\appdata\local\temp\_istmp4.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\_istmp4.dir\_ins5576._mp | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{59427B1F-852F-4AF1-8215-E5B12F966D89}" = Logitech G11 Keyboard Software 1.03
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}" = Steinberg HALionOne 64bit
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{8A9065DA-0293-41DA-A349-16E1A2605F64}" = Steinberg Cubase 5 64bit
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR(tm): DAS SPIEL (Demo)
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.007.00
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4346EAEC-E5B0-4102-AF7F-5D074E766D64}" = Audials TV
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5BA8FE06-A543-458B-B517-654829A3A458}" = Wayfinder MapLoader
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AEC97C4-ACCF-4759-A524-8E15C478E43B}" = Media Go
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{8046A32C-88A7-45DA-B6D7-B6191E261031}" = Nero 7 Essentials
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1031}" = SecurDisc Viewer
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9FDACA5-CD20-4841-B034-A1F25969C75A}" = MyTeammanager with Launch Panel
"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM_6" = AIM
"Antares Auto-Tune v4.39" = Antares Auto-Tune v4.39
"ATC for Battlefield 2 Complete_is1" = ATC for Battlefield 2 Complete
"AudioEase Altiverb VST RTAS_is1" = AudioEase Altiverb VST RTAS v6.12
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"AVMWLANCLI" = AVM FRITZ!WLAN
"CDex" = CDex extraction audio
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Diablo II" = Diablo II
"EA Download Manager" = EA Download Manager
"eBay Icon" = eBay Icon
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 2.20
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"GMX MultiMessenger" = GMX MultiMessenger
"Guild Wars" = GUILD WARS
"GuildWars Visions_is1" = GuildWars Visions v1.08
"GW Team Builder_is1" = GW Team Builder 1.2.1
"hon" = Heroes of Newerth
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE
"Internet-Radio Player_is1" = Internet-Radio Player Version 2.01.4
"Kjaerhus Audio - Golden Audio Channel | GAC-1_is1" = Kjaerhus Audio - Golden Audio Channel | GAC-1 v1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mp3tag" = Mp3tag v2.45b
"Mumble" = Mumble and Murmur
"OpenAL" = OpenAL
"paw·ned²" = paw·ned² RC1
"PSP Audioware Nitro v1.0.2" = PSP Audioware Nitro v1.0.2
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"RollerCoaster Tycoon Setup" = Roll
"SlimBrowser" = SlimBrowser (remove only)
"Steinberg HALion Symphonic Orchestra 16-bit Edition" = Steinberg HALion Symphonic Orchestra 16-bit Edition
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"UAD Powered Plug-Ins" = UAD Powered Plug-Ins
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2009 02:52:30 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.06.2009 00:10:13 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.06.2009 00:52:33 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2009 00:53:43 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.06.2009 01:08:38 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2009 12:30:57 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2009 12:59:15 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2009 00:46:11 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2009 08:03:57 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.06.2009 01:35:24 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.05.2010 02:05:32 | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.05.2010 02:05:32 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.05.2010 02:05:32 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.05.2010 02:05:33 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.05.2010 02:05:33 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.05.2010 00:58:24 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.05.2010 05:00:14 | Computer Name = Home-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.05.2010 um 10:56:53 unerwartet heruntergefahren.
 
Error - 13.05.2010 05:01:45 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.05.2010 05:01:45 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 14.05.2010 01:45:09 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

Alt 16.05.2010, 18:34   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please post the Malwarebytes log file in full; the header section of the log is missing.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 16.05.2010, 18:51   #9
Jogi
 

This was all that was above it, nothing more:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4102

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15.05.2010 07:53:07
mbam-log-2010-05-15 (07-53-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 343930

Alt 17.05.2010, 10:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The logs are all unremarkable - I think Kaspersky allowed itself a false alarm on Google.
