Trojaner-Board - Bundespolizei Virus

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 20.10.2012 19:09:35 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\admin\Desktop

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 

2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,74% Memory free

4,00 Gb Paging File | 3,07 Gb Available in Paging File | 76,87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195,21 Gb Total Space | 38,32 Gb Free Space | 19,63% Space Free | Partition Type: NTFS

Drive D: | 270,45 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS

Drive E: | 2,06 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive F: | 7,45 Gb Total Space | 7,02 Gb Free Space | 94,13% Space Free | Partition Type: FAT32

 

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2956749748-3150706099-3700960955-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A15F183-5E39-4244-8029-F1F6DA6AACF9}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{0B7B7796-CB3B-4E89-A613-6B1B555CB314}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{0F05EAB2-E085-453D-A699-0A68B49038DE}" = rport=138 | protocol=17 | dir=out | app=system | 

"{1332FB4E-77B0-4E41-BAD8-D6BF42752B1C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{134549CD-52FD-4424-91CC-9103D4E1FCAD}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | 

"{14E47FCF-722D-4FA0-92C5-6E1600EAE4EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{1CEFED6B-425F-4DB6-84AF-59DA041822A5}" = lport=18142 | protocol=6 | dir=in | name=tcp 18142 | 

"{22577AC4-CA32-4A8C-950A-71F4A167CC02}" = lport=20987 | protocol=17 | dir=in | name=udp 20987 | 

"{23772826-591F-4F2D-947C-567DB554E716}" = rport=137 | protocol=17 | dir=out | app=system | 

"{28A01232-648F-4D8D-A601-DC714E8531A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{33A26DC7-4507-46B5-A9EE-D5097381E89D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{37587207-6D2B-4D0E-8399-2299732A3CE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{3A975CF9-595B-4B7F-B17F-DA505A02697B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{3E297235-E3BA-4F2B-AB06-C16D9FFB4505}" = lport=22461 | protocol=6 | dir=in | name=tcp 22461 | 

"{4302DD30-A1BE-40D0-8F47-CB5D271933A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{4BF64DB1-4FBF-4700-A9B5-BADF7EF6A77E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{50B01CC0-BA41-40F6-8476-87F42334D740}" = lport=445 | protocol=6 | dir=in | app=system | 

"{6B197470-AD6A-4FF8-A941-A6770DBE20C6}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{76B7A482-65D7-468D-B45A-D9EE70239D53}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | 

"{7AB86F7F-D654-4F4F-84D6-F13A7B8BBB5C}" = rport=445 | protocol=6 | dir=out | app=system | 

"{7CE33EE1-75D1-48DE-A924-B6D40D826E59}" = lport=22358 | protocol=17 | dir=in | name=udp 22358 | 

"{7D1F6E5F-1D4A-4A76-8595-909F47773A5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{88396120-1C2D-4964-8F1F-C1E0336BF1D8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{8F17CBBF-B168-45EE-A42B-99CD60CD352D}" = lport=138 | protocol=17 | dir=in | app=system | 

"{926F82E4-AB90-4E43-9784-F54467055B36}" = lport=18142 | protocol=6 | dir=in | name=tcp 18142 | 

"{95FFAB13-E7AA-4930-A9F8-71F44D817164}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{960067C8-E2D0-49ED-AC30-B41BCC2CEAD7}" = lport=22461 | protocol=6 | dir=in | name=tcp 22461 | 

"{9A98B612-6FB5-4607-95E7-89924B9DF7FB}" = lport=20987 | protocol=17 | dir=in | name=udp 20987 | 

"{B5DF061B-5A71-43EC-8579-2BEEBDDC7105}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{BCC607D1-C113-4C96-83B0-C73EC18C3C62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{C070FA5D-168F-4EA1-A2E9-04E30B684CF3}" = lport=22358 | protocol=17 | dir=in | name=udp 22358 | 

"{C90E0DB5-5A9D-423E-AEF5-77FB6F6DA358}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{CB61B1B6-BEB9-4822-B8E4-FD4C4599C5DE}" = lport=137 | protocol=17 | dir=in | app=system | 

"{CECFA4DD-1F50-41D8-B570-1A5AA2098127}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D8102EF9-B77A-4021-81C7-48A048CEDADE}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{E5B1298A-466F-4313-AFAF-BD8BB1625CFF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E72C96B6-04AF-44A3-AA0C-21DFA0AE59DD}" = rport=139 | protocol=6 | dir=out | app=system | 

"{F5AD2821-6EC2-4EAB-A157-E8F04B45641A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{F681F6AD-C5D3-40A6-80FF-200E9106B673}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{F77C552A-C00F-4128-9D0E-B524104142B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{F795DD9A-E2BA-4224-9DEF-04565FADB3F7}" = lport=139 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01550F12-049B-44AB-90AD-251DFBFD1377}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{07F4CDA2-8241-4703-828F-D209DFCED08B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{0B1B367E-979E-458F-9D6A-10F7FF7E851E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 

"{1015CA1E-5187-44DE-BDC4-5B57D9F9FC1F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 

"{131B28BA-E8A3-481E-BFDE-CDBEAC5A36B3}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit clipinc\server\clipinc-server.exe | 

"{16B51465-257A-4DC6-AC0C-E9EE06EDA22C}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 

"{210BA6B2-E7CC-48FB-86AB-5C123C84ABBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{2C20AD76-BBF6-47D6-A430-BC9D24AD4AE8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 

"{2C8A1EDF-5AEC-4346-8FC9-29727985EE44}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | 

"{30AB8B1B-B21A-4677-8C6B-46970E0C2A1A}" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 

"{32C33A61-03A3-4735-8597-28BB97D715B0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{3530DFA2-0AAC-4E84-B707-0C2540021E64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{380AB806-2ABF-4C3E-AB72-F34CAE50BB46}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\die schlacht um mittelerde(tm)\game.dat | 

"{38A00968-5D83-4957-8FD5-A056779F9D3F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{38F62C98-F0F4-45C1-BA85-E0BA75D21581}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit clipinc\server\clipinc-server.exe | 

"{3C21F161-E7D9-4D70-B368-B9FE7DE026EF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{43D52CC3-862A-42D3-A1E0-B6D9188D9ACB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 

"{475CB1D0-16C6-41E6-BC13-7FB57974824D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 

"{47B29A4C-CD51-486B-B208-20FBCC4C9255}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{4FB17C25-78C2-47D9-8D18-99A8E8E1A1A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{50D885AB-DB32-46F0-84C0-360E4EDF24E2}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 

"{5584CC3C-FC79-4042-80CF-5A9F64A2615F}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 

"{5E1838C2-42A2-4BB0-A3AA-DA47CBED2F21}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 

"{5EDE9843-BAE3-4866-91CD-A17814406A71}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 

"{62BC4CA4-6A5E-4A76-867F-8FABA79B33D4}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit clipinc\player\clipinc-player.exe | 

"{649DBD2B-45C2-402D-92D4-847E63E321E0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{68E85E02-0B8D-43F7-868C-19AA8A131BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 

"{6B2EBBA1-2A51-4450-9368-409AAEF44EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 

"{6DCF70D5-0DF0-4ECB-8B04-783FC6C32DA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{6E14441A-A1CE-4B99-A4BF-7BF074B87C10}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 

"{6F64AA4F-1ED9-4A97-84C0-FDC4A5C0C37B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{763DB054-9986-44D5-861D-5EF5336C33D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 

"{77316A35-0B17-42E5-9158-C45FB658C652}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 

"{7BC00BA2-2B09-41ED-9221-40580B20A1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 

"{7BD851F9-AA55-4507-824A-9712AB03108A}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 

"{7DE50DFF-C2ED-41E5-8335-0CA0DAF5EA0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{80D308B2-D3D7-48D2-8EAD-808204103AAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{8402FAD1-262C-425E-9098-D736D9E5ECA3}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 

"{87B41495-3B7A-42ED-86A7-16C1F69EB3E1}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 

"{88DF5575-8DEA-401F-8F41-85DEDAA12223}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{895EA68F-E311-415B-A6EC-FBD20795A400}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{8A2650C3-0F02-4FDB-B520-F93ADB8A6791}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"{8B63869E-3E5F-4B79-AECA-C445B7FA7909}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 

"{8C35C89C-0EA0-413E-A38C-290A5F083E31}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 

"{8DF10EA6-C29C-4F0E-8AD2-BC10F4A7B946}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{8FC961EC-E290-494A-BDA8-C2A4AD9AAFD5}" = protocol=17 | dir=in | app=c:\program files (x86)\real warfare 1242\engine.exe | 

"{9748CF4B-533B-4C1A-AD51-8BAC3CB9F3F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{97CC7F52-FF02-44F8-8F0E-0E89B14E6D22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"{99F10C00-21B2-42BE-829E-F426221558CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 

"{9E36F75F-0F5E-4601-BCAE-CF338FA96D3E}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 

"{9F1F0E4C-161D-43D3-8917-D14E00F98144}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{A0EF733D-B313-47CB-82D9-F0F723279211}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 

"{A7635211-EC4B-4F66-B4B6-F910D5FD4FB8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 

"{A773DC7F-D159-4A4B-984F-4B3EAAF8D991}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe | 

"{AB62A2FB-05DB-4B64-BC45-09B512778DA3}" = protocol=6 | dir=in | app=c:\program files (x86)\real warfare 1242\engine.exe | 

"{B8F0B9EA-A318-47A1-AB26-02918660787F}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 

"{B962D68A-0BB2-4364-9658-BD30EA455A02}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{BB4A869F-EE57-428D-9602-2183CBF206E8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 

"{C01202B7-F77A-42D5-BB07-AE9ABF06FD71}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{C2DB29EC-EE6E-4577-9505-FEB4361DDA3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{C3C14905-4AED-486C-9794-5FD394492536}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{C4148C09-02F5-4910-927B-496E336C8ABD}" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | 

"{C95D8107-1418-4146-8EE9-4D1433DD55A8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 

"{CA2EEF88-DDEF-4B97-9B7B-149314B288C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D038143A-BD54-4E43-9771-8180D1756A78}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 

"{D3778ABC-0FFE-47FE-940A-29D595FED044}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{D446FD8A-7E03-4854-899B-B2F4E4E2DABD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 

"{D5D5D0F7-E0E1-4C40-AC59-1B22D96DA990}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 

"{D6E80FB5-AAED-40FE-AC19-79AD81FF5026}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{DB31BC33-DE65-41F7-B662-A74A1E5EDDDF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{DE83B220-D73F-4AF0-9C35-FDF7D887B569}" = protocol=6 | dir=out | app=system | 

"{DF51343C-BD8F-4C68-B972-BD94F63324B2}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit clipinc\player\clipinc-player.exe | 

"{E290A42B-FBA8-4FBA-93AB-A3D269191DEF}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 

"{EE7AC682-AB71-43F9-8648-13D2B4F6A101}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 

"{F4DE7B78-2A49-4C57-AB9E-771D400E7E71}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 

"{F90EA8F6-03CB-493D-95CD-1CE2FBEACC90}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 

"{F9E86089-C3E8-4C69-80DE-C619CCB347B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 

"TCP Query User{02B1C0C4-35CF-44E0-9070-2502E3C12ABD}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | 

"TCP Query User{05D25DBB-7831-4EFA-A88B-48A72CF6F44E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 

"TCP Query User{0746A021-67A1-4FF5-876B-AF39B2034ADB}C:\users\admin\appdata\local\temp\8495a4fd506549609ce2c12b13b5e6c1\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\8495a4fd506549609ce2c12b13b5e6c1\relicdownloader.exe | 

"TCP Query User{194E2295-D8FD-4EA0-8A0C-0E64E5D0AD36}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 

"TCP Query User{1CDBF59E-5ECD-4661-BF5C-96D0562EC6F6}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 

"TCP Query User{20CC97B6-783E-46C1-8CBE-FFF988C129E3}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 

"TCP Query User{3B36A54B-C2A1-4AF8-9E9B-856E65C668C8}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | 

"TCP Query User{4EE3F7C5-8238-4B57-AA33-2E2C83C90B8A}C:\users\admin\desktop\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\far cry 2\bin\farcry2.exe | 

"TCP Query User{55CACDD9-27BD-408D-9902-D83BF41A112B}C:\program files (x86)\atari\crashday\crashday.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atari\crashday\crashday.exe | 

"TCP Query User{72FD8873-7A12-4E0C-B4F8-F36E8DBB61F6}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 

"TCP Query User{88972C79-3062-42BE-A8F8-202DCB79476C}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 

"TCP Query User{937A72AF-6BDF-4F7D-A89B-84DF0A2996AF}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 

"TCP Query User{95C621DA-26DD-4534-9175-38B6F9469B1A}C:\program files (x86)\mount&blade warband\mb_warband.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe | 

"TCP Query User{9E8937FD-AFDC-4A65-8672-9A5DEEEAF835}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 

"TCP Query User{A690A1A6-7303-4F36-B62D-51FFE4F43228}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | 

"TCP Query User{A6E886C7-1ADD-4BB1-8A54-44F412392363}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 

"TCP Query User{A76476BA-BC90-4FAB-903E-B069AD80F44F}C:\program files (x86)\hercules\hercules optical glass\xtrctrlex.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hercules\hercules optical glass\xtrctrlex.exe | 

"TCP Query User{AADE54D1-F5F9-46DD-9E52-F8ECBD461D23}C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe | 

"TCP Query User{B11057AD-F111-4C66-9C19-A2EF0B433273}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 

"TCP Query User{B251BB5E-6B98-47B7-8F68-11C6E2A22F29}C:\program files (x86)\sierra\empire earth ii\ee2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\empire earth ii\ee2.exe | 

"TCP Query User{B6089E08-EDDB-47D7-B13A-FA562CAEC2E9}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 

"TCP Query User{B84BD810-2E3D-43CA-BF6D-116D06CF05D1}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe | 

"TCP Query User{C25284A2-2DAB-4419-8A98-B188D006DD58}C:\program files (x86)\real warfare 1242\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real warfare 1242\engine.exe | 

"TCP Query User{D3145C89-FED3-48A6-B7D7-850E72867920}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 

"TCP Query User{D78F8333-1C9B-41D2-9930-18F3B0734A11}C:\program files (x86)\pyro studios\imperial glory\imperialglory.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pyro studios\imperial glory\imperialglory.exe | 

"TCP Query User{DC5143BA-C14A-4117-8DCA-D3D9EC27C3F9}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 

"TCP Query User{EA0225E9-48FF-440F-90E7-BE0C77F5CBEC}C:\program files (x86)\city interactive\armies of exigo\exigo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\city interactive\armies of exigo\exigo.exe | 

"TCP Query User{ED9BD235-0EC3-4139-9444-BB68C6275ADF}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | 

"TCP Query User{F8219740-319C-4B84-AD8A-C36B63BC3AB4}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe | 

"UDP Query User{04E4E553-ACE5-46AF-A3C1-70B96AD929D0}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 

"UDP Query User{062422CD-D2F8-4AE8-8A10-F70A9C2C89B1}C:\program files (x86)\sierra\empire earth ii\ee2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\empire earth ii\ee2.exe | 

"UDP Query User{0E67FEA8-D154-48EB-AEAE-8F048FDE7E13}C:\program files (x86)\pyro studios\imperial glory\imperialglory.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pyro studios\imperial glory\imperialglory.exe | 

"UDP Query User{2AF136D4-ECC8-4DFF-848A-5E08103A7C1B}C:\program files (x86)\mount&blade warband\mb_warband.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe | 

"UDP Query User{333667CF-065F-426A-BA65-CB882BC9C8E2}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 

"UDP Query User{422A94DD-1257-4901-B918-89CD138C34B5}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 

"UDP Query User{44BA1F5A-0D19-4FC0-B331-E13A6A5D259F}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 

"UDP Query User{4AB9B7EC-592A-4172-81DB-649211EB9983}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 

"UDP Query User{539A8E59-12FA-465F-B812-E3693556A384}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 

"UDP Query User{631B1249-0934-4427-B4BB-52B410E4A2E0}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | 

"UDP Query User{6A91B2EF-DC34-40BB-A30C-6B321EE5DB7D}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 

"UDP Query User{79236DB4-81D5-4899-A5D2-844DE0DBA89A}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 

"UDP Query User{80EF676B-DA6D-4F5C-A751-EC40C24A77C7}C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe | 

"UDP Query User{83B21A1C-F0D7-4A7F-B548-8BB39DB40698}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | 

"UDP Query User{87754115-9AA7-4269-8496-459E2EAF3632}C:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 

"UDP Query User{A11336AA-332A-4F48-9D2B-D64AD94BF706}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | 

"UDP Query User{A33FC64E-8A0A-47F5-882A-28B1DB9D8FA1}C:\program files (x86)\atari\crashday\crashday.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atari\crashday\crashday.exe | 

"UDP Query User{AA1ACF95-4ACA-4B3B-B86B-7685F22CE269}C:\program files (x86)\hercules\hercules optical glass\xtrctrlex.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hercules\hercules optical glass\xtrctrlex.exe | 

"UDP Query User{AA50A34F-914F-4C58-9485-2BF499EC04D8}C:\program files (x86)\1c company\13th century - death or glory\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\13th century - death or glory\engine.exe | 

"UDP Query User{AEAB3A1A-3834-4E9A-9A20-36D8B94A3F22}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe | 

"UDP Query User{B4E1935A-0B12-4E58-BA66-702263DCE004}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i\empire earth.exe | 

"UDP Query User{B78DD12A-15E9-4A8A-9BCF-1F86413DE26D}C:\program files (x86)\city interactive\armies of exigo\exigo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\city interactive\armies of exigo\exigo.exe | 

"UDP Query User{C7CA38E4-4104-42FC-8B0D-5BFDEEDC590F}C:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\tom clancy's rainbow six vegas 2\binaries\rainbowsixvegas2_sads.exe | 

"UDP Query User{C9C9C4D1-1718-40F8-8512-9EADC5624862}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 

"UDP Query User{D1931556-F046-41C7-9A97-2F68E8752125}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | 

"UDP Query User{D3178D77-F434-40BD-80EC-C1C95CCB21E6}C:\users\admin\desktop\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\far cry 2\bin\farcry2.exe | 

"UDP Query User{DDFA2FF1-2AA6-416F-809C-4BAD484829A2}C:\users\admin\appdata\local\temp\8495a4fd506549609ce2c12b13b5e6c1\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\8495a4fd506549609ce2c12b13b5e6c1\relicdownloader.exe | 

"UDP Query User{EF93E038-32DB-4ED7-8A64-B50BFB3520D2}C:\program files (x86)\real warfare 1242\engine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real warfare 1242\engine.exe | 

"UDP Query User{FC5CAB66-F69A-40FB-A951-CD93925F8E4D}C:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"F4B837225347AABC4F4DB6067C4D5642AF04B34C" = Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (07/07/2011 15.32.4.883)

"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0FDB2D25-D880-4E10-868F-8C64EFE155F1}" = G Data AntiVirus

"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI

"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI

"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar

"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities

"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth

"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II

"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI

"{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI

"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI

"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends

"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online

"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI

"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD

"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI

"{819B324F-62E8-4CBF-9E41-52CE31BF1F2C}" = MAGIX Speed burnR (MSI)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition

"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI

"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CE80D58-2E74-4FF4-A2D2-5E714E470F36}" = ASUS nVidia Driver

"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch

"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™

"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI

"{BF8C4BA4-758D-44FF-A526-334620166B45}" = MP3 deluxe MX Update

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CF7D3040-7427-4E54-BC1F-D92E5D599D72}" = MAGIX Screenshare

"{CFC811BB-5AC4-4F00-A88B-6DED596C2B36}" = MAGIX MP3 deluxe MX Download-Version

"{D1E30DE3-25B6-4E9C-940E-3FCA48ECB96B}" = ASUS Smart Doctor

"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI

"{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1" = Focusrite Scarlett Plug-in Suite 1.1

"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II

"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T

"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Optical Glass

"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Age of Empires 2.0" = Microsoft Age of Empires II

"ASIO4ALL" = ASIO4ALL

"Blitzkrieg" = Blitzkrieg Mod

"Company of Heroes" = Company of Heroes

"Desura" = Desura

"Diablo III" = Diablo III

"dlanconf" = devolo dLAN-Konfigurationsassistent

"dslmon" = devolo Informer

"FL Studio 10" = FL Studio 10

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online

"InstallShield_{D1E30DE3-25B6-4E9C-940E-3FCA48ECB96B}" = ASUS Smart Doctor

"Live 8.2.4" = Live 8.2.4

"MAGIX_MSI_mp3_deluxe_mx" = MAGIX MP3 deluxe MX Download-Version

"MAGIX_MSI_PCVisit" = MAGIX Screenshare

"MAGIX_MSI_Speed3_burnR_mxcdr_MSI" = MAGIX Speed burnR (MSI)

"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11

"PunkBusterSvc" = PunkBuster Services

"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood

"Steam App 24960" = Battlefield: Bad Company 2

"Steam App 48700" = Mount & Blade: Warband

"Warcraft III" = Warcraft III

"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

"xvid" = XviD MPEG-4 Video Codec

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 31.05.2012 13:36:10 | Computer Name = admin-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: ATKFUSService.exe, Version: 7.14.10.303,

 Zeitstempel: 0x46e903da  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,

 Zeitstempel: 0x4ec4b137  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6ae2

ID

 des fehlerhaften Prozesses: 0x2d8  Startzeit der fehlerhaften Anwendung: 0x01cd3f53da4b3f15

Pfad

 der fehlerhaften Anwendung: C:\Windows\system32\ATKFUSService.exe  Pfad des fehlerhaften

 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 1bcb2a60-ab47-11e1-af93-90e6ba0da213

 

Error - 31.05.2012 13:39:09 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.05.2012 14:14:51 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.05.2012 15:05:11 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.05.2012 16:14:20 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.05.2012 17:05:04 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 01.06.2012 09:36:01 | Computer Name = admin-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: ATKFUSService.exe, Version: 7.14.10.303,

 Zeitstempel: 0x46e903da  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,

 Zeitstempel: 0x4ec4b137  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c6ae2

ID

 des fehlerhaften Prozesses: 0x2e0  Startzeit der fehlerhaften Anwendung: 0x01cd3ffb7917cc1c

Pfad

 der fehlerhaften Anwendung: C:\Windows\system32\ATKFUSService.exe  Pfad des fehlerhaften

 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: b9c794d5-abee-11e1-8d3d-90e6ba0da213

 

Error - 01.06.2012 09:39:02 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 01.06.2012 10:11:19 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 01.06.2012 11:01:11 | Computer Name = admin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

[ System Events ]

Error - 20.10.2012 05:50:20 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   EIO_XP

 

Error - 20.10.2012 05:50:22 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034

Description = Dienst "ATK Fast User Switch Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 20.10.2012 05:52:16 | Computer Name = admin-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 20.10.2012 06:07:31 | Computer Name = admin-PC | Source = DCOM | ID = 10010

Description = 

 

Error - 20.10.2012 06:27:24 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7043

Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements

 nicht richtig heruntergefahren werden.

 

Error - 20.10.2012 13:01:39 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%577

 

Error - 20.10.2012 13:01:40 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%577

 

Error - 20.10.2012 13:01:41 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   EIO_XP

 

Error - 20.10.2012 13:01:45 | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034

Description = Dienst "ATK Fast User Switch Service" wurde unerwartet beendet. Dies

 ist bereits 1 Mal passiert.

 

Error - 20.10.2012 13:03:39 | Computer Name = admin-PC | Source = DCOM | ID = 10010

Description = 

 

 

< End of report >
--- --- ---