Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA-Trojaner (inkl. Logs)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 08.09.2012, 18:02   #1
Goldmund
 
BKA-Trojaner (inkl. Logs) - Standard

BKA-Trojaner (inkl. Logs)



Hallo zusammen :-)

So, hab mich soweit an die sehr verständliche Anleitung gehalten und poste dann jetzt mal meine Logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
*** :: ALEXKISTE [Administrator]

Schutz: Deaktiviert

08.09.2012 16:51:28
mbam-log-2012-09-08 (17-43-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 446417
Laufzeit: 50 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 13
HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|yobsxokeujpjvux (Trojan.Phex.THAGen9) -> Daten: C:\ProgramData\yobsxoke.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\yobsxoke.exe (Trojan.Phex.THAGen9) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> Keine Aktion durchgeführt.
C:\Users\***\0.6518191257463457.exe (Trojan.Phex.THAGen9) -> Keine Aktion durchgeführt.
C:\Users\***\Downloads\Codec-C.exe (Affiliate.Downloader) -> Keine Aktion durchgeführt.

(Ende)
         
Folgend die Log-Dateien von OTL:

Code:
ATTFilter
OTL logfile created on: 08.09.2012 17:51:58 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Alexander Baumann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,71% Memory free
10,83 Gb Paging File | 9,67 Gb Available in Paging File | 89,27% Paging File free
Paging file location(s): c:\pagefile.sys 7000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 11,71 Gb Free Space | 6,29% Space Free | Partition Type: NTFS
 
Computer Name: ALEXKISTE | User Name: Alexander Baumann | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alexander Baumann\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Realtek11nSU) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (appdrv01) -- C:\Windows\SysNative\drivers\appdrv01.sys (Protection Technology)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WEBNTACCESS) -- C:\Windows\SysWOW64\Ntaccess.sys (Your Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 1A 81 2B 71 89 CA 01  [binary data]
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{920C7765-B952-4555-9876-6B347F1814B2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQr290tVy&i=26
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: crossriderapp435@crossrider.com:0.83.61
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.78.35
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.23 08:42:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.06 16:14:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.10 19:32:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.04 17:41:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.23 08:42:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.10 19:32:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.04 17:41:16 | 000,000,000 | ---D | M]
 
[2012.08.14 21:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\Extensions
[2012.08.29 16:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\Firefox\Profiles\oahuc9ne.default\extensions
[2012.08.29 16:22:59 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\Firefox\Profiles\oahuc9ne.default\extensions\crossriderapp435@crossrider.com
[2012.03.12 04:57:22 | 000,002,203 | ---- | M] () -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\firefox\profiles\oahuc9ne.default\searchplugins\MyStart Search.xml
[2012.08.06 23:35:26 | 000,002,519 | ---- | M] () -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\firefox\profiles\oahuc9ne.default\searchplugins\Search_Results.xml
[2012.08.14 21:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.10 19:32:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.27 18:33:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.08.15 22:05:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.15 22:05:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.15 22:05:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.15 22:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.06 23:35:26 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.08.15 22:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.15 22:05:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Premiumplay Codec-C = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.14.36_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Alexander Baumann\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-856751089-421654027-1046478264-1001..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C40B2C9-A16B-423B-BAA2-53289A269613}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9FCF206-8BAC-434C-9038-972D28CF04A2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe ()
O27:64bit: - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe ()
O27 - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe ()
O27 - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{74276017-f562-11de-9930-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74276017-f562-11de-9930-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{a3d9f9a7-30a2-11e1-9f31-20cf30a4d5f2}\Shell - "" = AutoRun
O33 - MountPoints2\{a3d9f9a7-30a2-11e1-9f31-20cf30a4d5f2}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.08 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander Baumann\AppData\Roaming\Malwarebytes
[2012.09.08 16:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.08 16:50:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.08 16:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.08 16:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.08 16:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\dbfafzykueigiqk
[2012.09.06 02:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.06 02:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.29 16:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.08.29 16:19:21 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.08.29 16:19:21 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.08.29 16:19:21 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.08.29 16:19:21 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.08.29 16:19:21 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.08.29 16:19:21 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.08.29 16:19:21 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.08.29 16:19:21 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.08.29 16:19:21 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.08.29 16:19:21 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.08.29 16:19:21 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.08.29 14:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012.08.29 14:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012.08.29 14:04:54 | 000,000,000 | ---D | C] -- C:\Users\Alexander Baumann\Documents\Guild Wars 2
[2012.08.15 19:36:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander Baumann\AppData\Local\Macromedia
[2012.08.15 16:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
[2012.08.15 16:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WMA to MP3 Converter
[2012.08.15 09:25:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 09:25:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 09:25:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 09:25:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 09:25:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 09:25:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.15 09:25:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.15 09:25:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 09:25:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.15 09:25:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.15 09:25:28 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.15 09:25:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 09:25:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 04:20:36 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 04:20:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 04:20:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 04:20:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 04:20:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 04:20:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 04:20:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 04:20:23 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.08 17:47:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.08 17:47:46 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.08 17:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.08 16:50:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.08 16:28:25 | 000,076,358 | ---- | M] () -- C:\ProgramData\itzxwkghinltzfo
[2012.09.08 14:56:21 | 000,017,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.08 14:56:21 | 000,017,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 02:38:11 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.04 17:41:16 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.08.29 14:05:30 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.08.20 00:45:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.20 00:45:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 16:50:01 | 000,001,073 | ---- | M] () -- C:\Users\Alexander Baumann\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2012.08.15 16:35:37 | 000,413,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 09:21:00 | 001,542,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.15 09:21:00 | 000,669,908 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.15 09:21:00 | 000,629,394 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.15 09:21:00 | 000,137,516 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.15 09:21:00 | 000,112,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.08 16:50:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.08 16:28:19 | 000,076,358 | ---- | C] () -- C:\ProgramData\itzxwkghinltzfo
[2012.08.29 14:05:30 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012.08.15 16:50:01 | 000,001,073 | ---- | C] () -- C:\Users\Alexander Baumann\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.02.20 22:02:40 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.02.20 20:03:27 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010.12.08 16:19:57 | 000,027,291 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.12.08 16:19:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.12.08 16:19:40 | 000,020,837 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.10.27 18:07:23 | 000,000,378 | ---- | C] () -- C:\Users\Alexander Baumann\AppData\Roaming\burnaware.ini
[2010.03.23 09:19:01 | 000,000,105 | ---- | C] () -- C:\Users\Alexander Baumann\AppData\Local\fusioncache.dat
[2010.02.09 14:18:43 | 000,004,985 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009.12.30 21:30:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2010.01.22 12:13:02 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\DC++
[2012.07.20 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Kalypso Media
[2010.07.31 20:29:04 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Leadertech
[2012.04.06 05:59:30 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\loadtbs
[2012.03.16 19:43:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Pro Cycling Manager 2008
[2012.04.22 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Pro Cycling Manager 2011
[2010.02.05 20:35:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\SeriousBit
[2012.08.30 02:35:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\SoftGrid Client
[2010.02.09 13:48:21 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\TeamViewer
[2011.03.21 19:56:12 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\The Creative Assembly
[2012.03.24 18:08:05 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\TP
[2012.08.26 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Tropico 4
[2012.09.04 17:42:46 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\TS3Client
[2010.03.23 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Turbine
[2010.06.30 20:18:01 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\WordToPDF
[2010.08.22 04:09:04 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\www.TheXSoft.com
[2012.09.08 16:44:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 08.09.2012 17:51:58 - Run 1
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Alexander Baumann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,71% Memory free
10,83 Gb Paging File | 9,67 Gb Available in Paging File | 89,27% Paging File free
Paging file location(s): c:\pagefile.sys 7000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 11,71 Gb Free Space | 6,29% Space Free | Partition Type: NTFS
 
Computer Name: ALEXKISTE | User Name: Alexander Baumann | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AAA5F6-B540-4D79-A7E7-BC893B2CDC42}" = rport=445 | protocol=6 | dir=out | app=system | 
"{0EC3F02F-B735-4788-9D10-38876DE16193}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1233028F-7A8C-4BD4-BEA2-65235A2A3544}" = rport=137 | protocol=17 | dir=out | app=system | 
"{169D6BA3-E4B4-4668-9F4F-78A4943B53AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1A09887B-ECF5-4E24-9309-44D02D025E8F}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{1C91154B-7533-4A00-878E-E8419CC1C80E}" = lport=16962 | protocol=6 | dir=in | name=bb | 
"{20835575-CA99-4822-B132-991E476D097B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{27FB88C5-9609-441A-8063-770AB2742C4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F55C190-DDEE-433C-B5F2-AEA32B2A07CA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{419FFFA6-FB7E-4AB8-8C04-1A712B4AB03A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{450B4947-5346-4891-B267-02B42D3128B2}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{4AB69D2C-9DA3-4D8D-A522-48389C4E3F97}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{594DB749-BBFC-480C-B357-14D7AA35FA0C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{71905F95-FEDD-4D6F-88CC-A1AD2BBDDAD9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{745F4051-6FFC-48AF-AA1D-5C92A8C91899}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{79DC9F8E-6EDD-4027-A832-F8F5BD0B50A5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7FE51A5D-1CDB-46A7-9536-12C47BD57BF1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{814CE103-E967-46D7-BAF8-685A00998A82}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8619B659-C03B-4D48-A797-208601230174}" = rport=139 | protocol=6 | dir=out | app=system | 
"{968A858D-FB63-4507-A4CE-5B4F91761A16}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9D14CE01-378C-4643-A925-E1A9905A4909}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B614ED36-77A2-4FDA-A8FC-EF94331DC594}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C770ED4A-40E1-4C59-8009-41B6107558DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C8A6DCA8-FF1E-4C40-B92D-DA1FE8B09BD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9680BB9-7B3B-4532-AD99-94BB8CC76C71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D61EE327-FC87-4C36-AE49-517C305E6717}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{F5D86C5C-0411-4F98-83F7-DF7BBBB99E2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018E1871-E3EA-480D-9DF1-56C36A5D87AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{054ECFC7-D197-4026-B3F2-24C1F0E5D95F}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe | 
"{05B51242-13E8-45D1-A323-94CF9241CC89}" = protocol=58 | dir=in | app=system | 
"{0B531648-4305-4D82-9254-0A7CE88BB99E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{0C07A0C2-3E23-4FE9-B5E8-615911F340C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{11E60058-1C4F-4653-9C27-974002530D9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1337F212-8685-4144-B441-C6EBA1084A69}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe | 
"{1519FA98-2EC4-405D-A1C1-0D1E20230F8C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{1580C3DE-F349-4A66-9202-5A820DE3823F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{16D0B394-BFF6-4233-B451-516626166826}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{1CBDC401-9FBB-4380-9574-B8893CD917B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1D6CE814-6B51-458A-BF8E-B04D6F0AC71A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{22DDC35A-6B07-4EE6-8728-A4497E51B395}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{28609110-C06A-4AB3-B52B-62F07A800D6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{2BED2516-B23A-496D-8F88-5C502CE5C95A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{2C35FF16-A6DF-4F8C-80EA-6D62344C9337}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{2D623482-C84E-440D-9211-851FDE841712}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{2DFFAA10-DC5B-47E0-962B-EF6041FA7719}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2F9914E6-1F10-45F4-9ED9-3AE2691244D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{36FAC7EC-E213-4A22-96CB-4285D31030B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{37E88C07-5D1B-4713-BC56-9B022EDA9420}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3BEF372C-4A0D-4679-A2BF-FEDC3C541984}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{3C35BFB0-2756-4991-A92A-856D4D794D36}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{4785500F-1BD5-4A92-AC3E-F7AEFC1E7220}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe | 
"{4D33C54B-0622-4C36-B362-9D38DEA9665D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{50F305A2-3D40-4FF0-829D-8A50ADF403F0}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe | 
"{54CD4BB7-3D64-4380-A739-424CA63EE6F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{55383147-1355-4F0A-AE2A-2B55B3292BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{56F39AF5-B223-4B6B-B8DC-C5279FD3204D}" = protocol=6 | dir=out | app=system | 
"{5ED1DD14-56E2-4191-87E2-99067C9F9C72}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{630C9EF0-6B62-400B-9753-D1DAD971416F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{650FD0A3-EFAA-4B3C-9328-B76FB721F18C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{66ECC681-1652-4028-9F59-BD546BD82EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe | 
"{677F1D67-A7A2-490A-AF8B-D19A0F2F4461}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe | 
"{6A0C0ED5-9DA0-40B1-93FC-ACA3E614E9DC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{6D6FD17F-204E-439D-832D-4B4DEB022818}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{6EBD8A73-0572-4812-9192-862BBD16C51A}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{6F846CD9-AF2A-48BE-919A-3C37CA85445E}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{71683CB2-FAE1-44CC-B10F-802D0E8280B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{730D4602-6949-47F3-B1EF-1C22F8CBF49B}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe | 
"{745EF547-0A30-40F6-8014-3F5BACB4A128}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{768BC114-C62A-4D7E-84B6-69FB97EA2212}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{795DC155-CDE1-4536-91E1-AB7E62E9FEBC}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{7B25FE6B-C873-4557-B806-442EAB36F99B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{871EF9A3-3479-4518-AD61-ED64BE4B7A4B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{88D1A3E4-653E-46F6-B595-DBB67817D9C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{89D5D196-30AB-43D6-97DC-6100470B8756}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{8B5586A8-C65A-454E-ADC2-EC19283433F5}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{90EF0363-106B-42A5-A9C5-7FEC1394F20E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{914F8EF7-763C-412C-A897-173C727BB31B}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe | 
"{9244A2F4-9864-4ACC-994D-AB56DCDC070B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{934C35E6-D123-4AB3-B6B9-DA8BE21DCB80}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\autorun\exe\autorun.exe | 
"{98A7E8B3-2D18-496E-B392-C25386A92B87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{99711329-94F9-4ED3-BEEC-84DD5788EAEF}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{9CC0FB12-05EF-4172-A506-2F70CB91EAC1}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe | 
"{9CF76566-635A-4489-AA30-7E854B194BA5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{9D75A61E-E548-4BDB-B5AC-3B06CB34F262}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{9E7BBFB7-CE58-45C7-B480-A61C70A989C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{9E8C415C-15D8-40E2-A8E1-4F3B071589D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0E4F56E-7C84-49B6-B126-BF528C011FAB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A3249332-B2D3-4560-8052-88B6E6AA577C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A32558AA-AB0D-4373-B524-68EFDB3FF822}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\autorun\exe\autorun.exe | 
"{A357D9A9-D0EA-4F4B-B356-03BCA3298119}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A4193757-6536-45C0-976D-AA99E8AE3BDF}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{A6E8C9C0-0AB6-468B-BE5A-004D649A993A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{ACF43B88-E1A4-4090-8409-067A7316C536}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe | 
"{AEBFA30F-A1BA-43AC-BAA5-6D883E1199FB}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{AFED5F1F-4B33-4DA4-B61E-B97ECAE4FEC6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B0973B8A-17A0-4F7D-BA40-AF6BBD24014F}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe | 
"{B0D5DA42-9183-43A2-AFA0-361BCAA99C41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{B1146405-F530-468C-B8D4-968FD73C34D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B658EC7D-51BD-4EA6-A6EB-6362ED6C1C4D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{B859B4AE-EA42-4AE5-9FBC-58BFF3C2D312}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{B9FA55CA-8E6C-4703-BFAD-985945B26147}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe | 
"{BA013B6F-7DA1-456A-974E-5A40567808C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{BAC04B79-2A72-4027-B1E9-FD8DC15B46F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4ADB12D-6807-4DEB-BFFE-A83A77E4309B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{C7FB1433-EB97-4CF9-BCCA-E823240D0FFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CAE2421B-E046-4A4C-AFEE-EC1EFD235928}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe | 
"{CEB0A88A-5AB2-47B2-AD9F-6D7D0F7A23CC}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe | 
"{D3FCDD08-0635-4D8E-B704-E1201EF94885}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"{D6322BA2-7A07-46FA-A4F4-9059C637919C}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{D65BCC42-7CC9-4B35-97FA-4A0C15359889}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{D6BA9B7E-EA27-46B8-97C1-9062CD03A477}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\turbinelauncher.exe | 
"{D819E08F-807B-4BF4-B33D-7455F7E39FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{DAF8107C-0C15-474B-88CF-3F9D228FC1BC}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe | 
"{DC369620-F894-479B-9D8C-5312A3E43708}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{E3BA1EAE-3563-483F-B01B-6871D8319F6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{EADBE19F-2190-410A-AEEF-DAA166D90E4B}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{EC1C8233-CBF8-4B31-84C6-A962DDB747DB}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe | 
"{ED77F3EB-55EA-45E1-8CB0-5ED4BD615527}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{EEBEFCA9-EE45-4226-B986-8A6468635C65}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{F39762C0-D426-4B2B-ADB3-269650877835}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\autorun\exe\autorun.exe | 
"{FB77328D-8798-407C-811A-60812F4F7C7B}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\turbinelauncher.exe | 
"TCP Query User{100C7431-541D-425F-894E-58865773F24C}C:\users\alexander baumann\downloads\sto_demo_installer.exe" = protocol=6 | dir=in | app=c:\users\alexander baumann\downloads\sto_demo_installer.exe | 
"TCP Query User{18DABBA7-D772-4DC3-AE55-0E8805A6CC88}C:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe | 
"TCP Query User{5171CAC9-D768-443F-9FC3-442DD9D0E3C2}C:\users\alexander baumann\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\alexander baumann\appdata\local\temp\gw2.exe | 
"TCP Query User{70A0EFB5-8B27-48EE-B6CF-BFC35F8A4EEC}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{7355803F-A7BB-44B9-9856-62F9B782884C}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"TCP Query User{876EC449-8411-4A27-8072-EA9AC4D21A32}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | 
"TCP Query User{90C3472C-913F-46C2-9BA8-F8A96BEA0416}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | 
"TCP Query User{9FB8E69D-C6F3-482B-B141-0991C17CA34C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{A78DB199-752F-4DC1-A65E-8EFD74DE8B47}C:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe | 
"TCP Query User{B1AE07DE-EE6C-44B7-93CD-344C6E882D89}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{B56F9FD9-037C-4401-BBBF-9FDA1D89C8E0}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
"TCP Query User{B8F3E165-067F-4963-8472-B96CE66B9559}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe | 
"TCP Query User{C7653F86-C4A2-4C50-B83C-3D9A6A895065}C:\program files (x86)\jowood\the guild 2 - pirates of the european seas\guildii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jowood\the guild 2 - pirates of the european seas\guildii.exe | 
"TCP Query User{C8B7E658-7354-45A0-926D-C66144B83655}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{D6937141-F92F-4D82-9F6C-88D706DB15DE}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{D99AC659-9EA3-4EFF-A740-945305759A82}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\betatest\retailclient\swtor.exe | 
"UDP Query User{0446F549-F9D8-4B1E-89C6-C6589102C5D3}C:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe | 
"UDP Query User{1B03D152-BA2B-4122-8EBA-9215B4F3ACF6}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe | 
"UDP Query User{1D227637-D6EA-4B3F-89E8-82A2C5A0CB72}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{32415F18-7E4B-4E86-B16C-9F8191F37294}C:\users\alexander baumann\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\alexander baumann\appdata\local\temp\gw2.exe | 
"UDP Query User{39EA454F-0DCB-4F19-AB02-568897287FC9}C:\program files (x86)\jowood\the guild 2 - pirates of the european seas\guildii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jowood\the guild 2 - pirates of the european seas\guildii.exe | 
"UDP Query User{3EEAECBE-307F-4712-B986-A6CF6CFE8527}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{45DDEF59-6354-4C3D-9231-09B32355419C}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe | 
"UDP Query User{57E50C21-AF84-4553-BE25-3A98A191A738}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | 
"UDP Query User{5A635A50-9379-4D34-A550-4918B2B2A927}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{5B25A075-3CC8-4171-99B2-0284BFFBDFC3}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\betatest\retailclient\swtor.exe | 
"UDP Query User{6876BCE3-03A4-45D3-A831-383B4E230BFC}C:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe | 
"UDP Query User{726D0980-B979-44BE-8400-3BD021020C6C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{C38682E3-3AD4-46BF-AFCC-ECD1B13061D2}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{D065CEEB-0FBC-4AF1-B044-DB31F266062C}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe | 
"UDP Query User{E6705D14-546B-4150-91BE-262553FE2F00}C:\users\alexander baumann\downloads\sto_demo_installer.exe" = protocol=17 | dir=in | app=c:\users\alexander baumann\downloads\sto_demo_installer.exe | 
"UDP Query User{F178C96A-5B0C-4D94-956E-2022D69A18DE}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62140B07-129A-2BD0-81D2-2A1A7408ADC8}" = ATI Catalyst Install Manager
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33E40F53-0CA2-4F7D-8BCE-577FAFB52799}_is1" = AoC QS.NET 2.4.1.0
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87464284-11C8-4F83-88EC-E8013320B789}" = AOC UI Installer 3.1.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"avast" = avast! Free Antivirus
"BloodBowl_is1" = Blood Bowl Version 1.2.0.1
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"EA Download Manager" = EA Download Manager
"EA Installer.-1797597899" = EA Installer
"EVE" = EVE Online (remove only)
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GameCenter" = GameCenter
"Guild Wars 2" = Guild Wars 2
"MagicDisc 2.5.77" = MagicDisc 2.5.77
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PKR" = PKR
"PokerStars" = PokerStars
"Premiumplay Codec-C" = Premiumplay Codec-C
"Pro Cycling Manager 2011_is1" = Tour de France 2011 - Der offizielle Radsport-Manager Version 1
"Steam App 8930" = Sid Meier's Civilization V
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Tropico 4" = Tropico 4 1.00
 
========== Last 20 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 22.01.2010 16:20:24 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description = 
 
Error - 23.01.2010 10:55:51 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description = 
 
Error - 25.01.2010 06:15:55 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description = 
 
Error - 26.01.2010 16:59:31 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description = 
 
Error - 27.01.2010 05:47:36 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description = 
 
Error - 31.01.2010 16:59:47 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 05.09.2012 12:42:57 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-05 16:42:57 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 06.09.2012 13:55:28 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-06 17:55:28 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 07.09.2012 12:06:59 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-07 16:06:59 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 08.09.2012 00:54:17 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 04:54:17 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 08.09.2012 00:58:09 | Computer Name = ALEXKISTE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PCCompanion.exe, Version: 2.0.0.0,
 Zeitstempel: 0x4ea164bd  Name des fehlerhaften Moduls: Device.dll, Version: 1.0.0.1,
 Zeitstempel: 0x4ec38ef4  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00052b22  ID des fehlerhaften
 Prozesses: 0x2dc  Startzeit der fehlerhaften Anwendung: 0x01cd8d7e7605585e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC 
Companion\Device.dll  Berichtskennung: c85465eb-f971-11e1-ba3e-20cf30a4d5f2
 
Error - 08.09.2012 08:34:50 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 12:34:50 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 08.09.2012 08:46:09 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 12:46:09 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 08.09.2012 10:34:56 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 14:34:56 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 08.09.2012 10:44:22 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 14:44:22 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 08.09.2012 11:44:43 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 15:44:43 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
[ System Events ]
Error - 08.09.2012 11:50:02 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 11:51:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 11:51:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 11:51:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 11:56:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 11:56:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 11:56:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 11:58:44 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 11:58:44 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.09.2012 11:58:44 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Vorab schonmal tausend Dank für Eure Hilfe. :-)

Alt 08.09.2012, 20:15   #2
t'john
/// Helfer-Team
 
BKA-Trojaner (inkl. Logs) - Standard

BKA-Trojaner (inkl. Logs)





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{920C7765-B952-4555-9876-6B347F1814B2}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de 
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} 
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQr290tVy&i=26 
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "Search Results" 
FF - prefs.js..browser.search.order.1: "Search Results" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "https://www.google.de/" 
FF - prefs.js..extensions.enabledAddons: crossriderapp435@crossrider.com:0.83.61 
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 
FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.78.35 
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0 
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=" 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found 
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found 
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites) 
O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites) 
O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([www.msi] http in Trusted sites) 
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe () 
O27:64bit: - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe () 
O27 - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe () 
O27 - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe () 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{74276017-f562-11de-9930-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{74276017-f562-11de-9930-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe 
O33 - MountPoints2\{a3d9f9a7-30a2-11e1-9f31-20cf30a4d5f2}\Shell - "" = AutoRun 
O33 - MountPoints2\{a3d9f9a7-30a2-11e1-9f31-20cf30a4d5f2}\Shell\AutoRun\command - "" = G:\Startme.exe 
[2012.09.08 16:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\dbfafzykueigiqk 
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] 
[2012.09.08 16:28:25 | 000,076,358 | ---- | M] () -- C:\ProgramData\itzxwkghinltzfo 
[2012.03.12 04:57:22 | 000,002,203 | ---- | M] () -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\firefox\profiles\oahuc9ne.default\searchplugins\MyStart Search.xml 
[2012.08.06 23:35:26 | 000,002,519 | ---- | M] () -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\firefox\profiles\oahuc9ne.default\searchplugins\Search_Results.xml 

[2009.12.30 21:30:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
:Files

C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Alexander Baumann\AppData\Local\{*}
C:\Users\Alexander Baumann\AppData\Local\Temp\*.exe
C:\Users\Alexander Baumann\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________

__________________

Alt 27.10.2012, 05:44   #3
t'john
/// Helfer-Team
 
BKA-Trojaner (inkl. Logs) - Standard

BKA-Trojaner (inkl. Logs)



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
__________________

Antwort

Themen zu BKA-Trojaner (inkl. Logs)
adobe, affiliate.downloader, autorun, browser, firefox, flash player, helper, home, install.exe, langs, launch, logfile, mozilla, nvidia update, officejet, pirates, pup.codec.pr, pup.crossfire.gen, realtek, registry, scan, security, svchost.exe, teamspeak, trojan.phex.thagen, trojan.phex.thagen9, usb, wma



Ähnliche Themen: BKA-Trojaner (inkl. Logs)


  1. Bestätigter Virus - Analyse/Säuberung des Trojaner/Keylogger inkl. Ursprungsdatei
    Plagegeister aller Art und deren Bekämpfung - 15.08.2015 (8)
  2. Win7-32bit: (GVU?) Trojaner inkl. Foto via WebCam
    Plagegeister aller Art und deren Bekämpfung - 16.10.2013 (7)
  3. Win7 mit Trojaner inkl. Webcam, kein abgesicherter Modus möglich
    Log-Analyse und Auswertung - 16.09.2013 (3)
  4. Polizei-Trojaner Hilfe (auch im Abgesicherten Modus) inkl. bereits ausgelesenem Logfile
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (4)
  5. GVU Trojaner inkl. Webcam
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (8)
  6. Polizei Trojaner inkl. Webcam, Abgesicherter Modus funktioniet nicht!
    Log-Analyse und Auswertung - 03.11.2012 (11)
  7. GVU-/BSI-Trojaner eingefangen inkl. Webcambild
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (13)
  8. Virenbefall: Exploits und "Java-Virus" inkl Logs
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (4)
  9. GVU Trojaner, Prüfung MBR (inkl. Log-Files)
    Log-Analyse und Auswertung - 21.08.2012 (2)
  10. Bundestrojaner nach Systemwiderherstellung inkl. Logs
    Log-Analyse und Auswertung - 30.07.2012 (17)
  11. Entfernen von Live Security Platinum erfolgreich? (inkl. Logs)
    Log-Analyse und Auswertung - 22.07.2012 (4)
  12. GVU Trojaner inkl. rundll-Probleme beim Systemstart
    Plagegeister aller Art und deren Bekämpfung - 20.07.2012 (12)
  13. Trojaner, Schwarzer Bildschirm inkl. Deutschlandflagge, 50 Euro
    Plagegeister aller Art und deren Bekämpfung - 30.03.2012 (23)
  14. BKA Trojaner inkl. Logfile
    Log-Analyse und Auswertung - 30.12.2011 (4)
  15. Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen (trojan)" - Was nun? (inkl. Hjackthis-File)
    Plagegeister aller Art und deren Bekämpfung - 17.06.2010 (1)
  16. Diverse Trojaner (inkl.AntiVir Bericht)!
    Plagegeister aller Art und deren Bekämpfung - 05.08.2008 (6)
  17. Hilfe, Trojaner! Logfile inkl!
    Log-Analyse und Auswertung - 04.02.2007 (30)

Zum Thema BKA-Trojaner (inkl. Logs) - Hallo zusammen :-) So, hab mich soweit an die sehr verständliche Anleitung gehalten und poste dann jetzt mal meine Logs: Code: Alles auswählen Aufklappen ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org - BKA-Trojaner (inkl. Logs)...
Archiv
Du betrachtest: BKA-Trojaner (inkl. Logs) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.