| |
| |||||||
Log-Analyse und Auswertung: BKA-Trojaner (inkl. Logs)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
08.09.2012, 17:02
| #1 |
| |  BKA-Trojaner (inkl. Logs) Hallo zusammen :-) So, hab mich soweit an die sehr verständliche Anleitung gehalten und poste dann jetzt mal meine Logs: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.08.04 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 *** :: ALEXKISTE [Administrator] Schutz: Deaktiviert 08.09.2012 16:51:28 mbam-log-2012-09-08 (17-43-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 446417 Laufzeit: 50 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 13 HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt. HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|yobsxokeujpjvux (Trojan.Phex.THAGen9) -> Daten: C:\ProgramData\yobsxoke.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\ProgramData\yobsxoke.exe (Trojan.Phex.THAGen9) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> Keine Aktion durchgeführt. C:\Users\***\0.6518191257463457.exe (Trojan.Phex.THAGen9) -> Keine Aktion durchgeführt. C:\Users\***\Downloads\Codec-C.exe (Affiliate.Downloader) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 08.09.2012 17:51:58 - Run 1 OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\Alexander Baumann\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,71% Memory free 10,83 Gb Paging File | 9,67 Gb Available in Paging File | 89,27% Paging File free Paging file location(s): c:\pagefile.sys 7000 8000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,31 Gb Total Space | 11,71 Gb Free Space | 6,29% Space Free | Partition Type: NTFS Computer Name: ALEXKISTE | User Name: Alexander Baumann | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Alexander Baumann\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () ========== Services (SafeList) ========== SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Realtek11nSU) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe (Realtek) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (appdrv01) -- C:\Windows\SysNative\drivers\appdrv01.sys (Protection Technology) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WEBNTACCESS) -- C:\Windows\SysWOW64\Ntaccess.sys (Your Corporation) DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 1A 81 2B 71 89 CA 01 [binary data] IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{920C7765-B952-4555-9876-6B347F1814B2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQr290tVy&i=26 IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: crossriderapp435@crossrider.com:0.83.61 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.78.35 FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.23 08:42:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.06 16:14:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.10 19:32:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.04 17:41:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.23 08:42:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.10 19:32:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.04 17:41:16 | 000,000,000 | ---D | M] [2012.08.14 21:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\Extensions [2012.08.29 16:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\Firefox\Profiles\oahuc9ne.default\extensions [2012.08.29 16:22:59 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\Firefox\Profiles\oahuc9ne.default\extensions\crossriderapp435@crossrider.com [2012.03.12 04:57:22 | 000,002,203 | ---- | M] () -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\firefox\profiles\oahuc9ne.default\searchplugins\MyStart Search.xml [2012.08.06 23:35:26 | 000,002,519 | ---- | M] () -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\firefox\profiles\oahuc9ne.default\searchplugins\Search_Results.xml [2012.08.14 21:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.10 19:32:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.27 18:33:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.08.15 22:05:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.15 22:05:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.15 22:05:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.15 22:05:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.06 23:35:26 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012.08.15 22:05:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.15 22:05:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: LoadTubes Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Premiumplay Codec-C = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.14.36_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Alexander Baumann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Alexander Baumann\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-856751089-421654027-1046478264-1001..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites) O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites) O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([www.msi] http in Trusted sites) O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C40B2C9-A16B-423B-BAA2-53289A269613}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9FCF206-8BAC-434C-9038-972D28CF04A2}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe () O27:64bit: - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe () O27 - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe () O27 - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe () O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{74276017-f562-11de-9930-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{74276017-f562-11de-9930-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe O33 - MountPoints2\{a3d9f9a7-30a2-11e1-9f31-20cf30a4d5f2}\Shell - "" = AutoRun O33 - MountPoints2\{a3d9f9a7-30a2-11e1-9f31-20cf30a4d5f2}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.08 16:50:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander Baumann\AppData\Roaming\Malwarebytes [2012.09.08 16:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.08 16:50:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.08 16:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.08 16:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.08 16:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\dbfafzykueigiqk [2012.09.06 02:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.06 02:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.08.29 16:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.08.29 16:19:21 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.08.29 16:19:21 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.08.29 16:19:21 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.08.29 16:19:21 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.08.29 16:19:21 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.08.29 16:19:21 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.08.29 16:19:21 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.08.29 16:19:21 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.08.29 16:19:21 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.08.29 16:19:21 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.08.29 16:19:21 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.08.29 14:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2012.08.29 14:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2 [2012.08.29 14:04:54 | 000,000,000 | ---D | C] -- C:\Users\Alexander Baumann\Documents\Guild Wars 2 [2012.08.15 19:36:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander Baumann\AppData\Local\Macromedia [2012.08.15 16:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix [2012.08.15 16:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free WMA to MP3 Converter [2012.08.15 09:25:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 09:25:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 09:25:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 09:25:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 09:25:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 09:25:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 09:25:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 09:25:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 09:25:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 09:25:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 09:25:28 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 09:25:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 09:25:27 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 04:20:36 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 04:20:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 04:20:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 04:20:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 04:20:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 04:20:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 04:20:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 04:20:23 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.08 17:47:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.08 17:47:46 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys [2012.09.08 17:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.08 16:50:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.08 16:28:25 | 000,076,358 | ---- | M] () -- C:\ProgramData\itzxwkghinltzfo [2012.09.08 14:56:21 | 000,017,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.08 14:56:21 | 000,017,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.06 02:38:11 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.04 17:41:16 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.08.29 14:05:30 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.08.20 00:45:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.20 00:45:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.15 16:50:01 | 000,001,073 | ---- | M] () -- C:\Users\Alexander Baumann\Desktop\Jodix Free WMA to MP3 Converter.lnk [2012.08.15 16:35:37 | 000,413,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.15 09:21:00 | 001,542,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.15 09:21:00 | 000,669,908 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.15 09:21:00 | 000,629,394 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.15 09:21:00 | 000,137,516 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.15 09:21:00 | 000,112,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.08 16:50:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.08 16:28:19 | 000,076,358 | ---- | C] () -- C:\ProgramData\itzxwkghinltzfo [2012.08.29 14:05:30 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.08.15 16:50:01 | 000,001,073 | ---- | C] () -- C:\Users\Alexander Baumann\Desktop\Jodix Free WMA to MP3 Converter.lnk [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.02.20 22:02:40 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2011.02.20 20:03:27 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010.12.08 16:19:57 | 000,027,291 | ---- | C] () -- C:\Windows\Ascd_log.ini [2010.12.08 16:19:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.12.08 16:19:40 | 000,020,837 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.10.27 18:07:23 | 000,000,378 | ---- | C] () -- C:\Users\Alexander Baumann\AppData\Roaming\burnaware.ini [2010.03.23 09:19:01 | 000,000,105 | ---- | C] () -- C:\Users\Alexander Baumann\AppData\Local\fusioncache.dat [2010.02.09 14:18:43 | 000,004,985 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda [2009.12.30 21:30:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2010.01.22 12:13:02 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\DC++ [2012.07.20 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Kalypso Media [2010.07.31 20:29:04 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Leadertech [2012.04.06 05:59:30 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\loadtbs [2012.03.16 19:43:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Pro Cycling Manager 2008 [2012.04.22 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Pro Cycling Manager 2011 [2010.02.05 20:35:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\SeriousBit [2012.08.30 02:35:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\SoftGrid Client [2010.02.09 13:48:21 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\TeamViewer [2011.03.21 19:56:12 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\The Creative Assembly [2012.03.24 18:08:05 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\TP [2012.08.26 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Tropico 4 [2012.09.04 17:42:46 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\TS3Client [2010.03.23 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\Turbine [2010.06.30 20:18:01 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\WordToPDF [2010.08.22 04:09:04 | 000,000,000 | ---D | M] -- C:\Users\Alexander Baumann\AppData\Roaming\www.TheXSoft.com [2012.09.08 16:44:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.09.2012 17:51:58 - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\Alexander Baumann\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,71% Memory free
10,83 Gb Paging File | 9,67 Gb Available in Paging File | 89,27% Paging File free
Paging file location(s): c:\pagefile.sys 7000 8000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 11,71 Gb Free Space | 6,29% Space Free | Partition Type: NTFS
Computer Name: ALEXKISTE | User Name: Alexander Baumann | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AAA5F6-B540-4D79-A7E7-BC893B2CDC42}" = rport=445 | protocol=6 | dir=out | app=system |
"{0EC3F02F-B735-4788-9D10-38876DE16193}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1233028F-7A8C-4BD4-BEA2-65235A2A3544}" = rport=137 | protocol=17 | dir=out | app=system |
"{169D6BA3-E4B4-4668-9F4F-78A4943B53AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A09887B-ECF5-4E24-9309-44D02D025E8F}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{1C91154B-7533-4A00-878E-E8419CC1C80E}" = lport=16962 | protocol=6 | dir=in | name=bb |
"{20835575-CA99-4822-B132-991E476D097B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{27FB88C5-9609-441A-8063-770AB2742C4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F55C190-DDEE-433C-B5F2-AEA32B2A07CA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{419FFFA6-FB7E-4AB8-8C04-1A712B4AB03A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{450B4947-5346-4891-B267-02B42D3128B2}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{4AB69D2C-9DA3-4D8D-A522-48389C4E3F97}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{594DB749-BBFC-480C-B357-14D7AA35FA0C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{71905F95-FEDD-4D6F-88CC-A1AD2BBDDAD9}" = lport=445 | protocol=6 | dir=in | app=system |
"{745F4051-6FFC-48AF-AA1D-5C92A8C91899}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79DC9F8E-6EDD-4027-A832-F8F5BD0B50A5}" = rport=138 | protocol=17 | dir=out | app=system |
"{7FE51A5D-1CDB-46A7-9536-12C47BD57BF1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{814CE103-E967-46D7-BAF8-685A00998A82}" = lport=139 | protocol=6 | dir=in | app=system |
"{8619B659-C03B-4D48-A797-208601230174}" = rport=139 | protocol=6 | dir=out | app=system |
"{968A858D-FB63-4507-A4CE-5B4F91761A16}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D14CE01-378C-4643-A925-E1A9905A4909}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B614ED36-77A2-4FDA-A8FC-EF94331DC594}" = lport=138 | protocol=17 | dir=in | app=system |
"{C770ED4A-40E1-4C59-8009-41B6107558DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8A6DCA8-FF1E-4C40-B92D-DA1FE8B09BD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9680BB9-7B3B-4532-AD99-94BB8CC76C71}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D61EE327-FC87-4C36-AE49-517C305E6717}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{F5D86C5C-0411-4F98-83F7-DF7BBBB99E2A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018E1871-E3EA-480D-9DF1-56C36A5D87AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{054ECFC7-D197-4026-B3F2-24C1F0E5D95F}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{05B51242-13E8-45D1-A323-94CF9241CC89}" = protocol=58 | dir=in | app=system |
"{0B531648-4305-4D82-9254-0A7CE88BB99E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0C07A0C2-3E23-4FE9-B5E8-615911F340C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11E60058-1C4F-4653-9C27-974002530D9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1337F212-8685-4144-B441-C6EBA1084A69}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{1519FA98-2EC4-405D-A1C1-0D1E20230F8C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{1580C3DE-F349-4A66-9202-5A820DE3823F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16D0B394-BFF6-4233-B451-516626166826}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{1CBDC401-9FBB-4380-9574-B8893CD917B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D6CE814-6B51-458A-BF8E-B04D6F0AC71A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{22DDC35A-6B07-4EE6-8728-A4497E51B395}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{28609110-C06A-4AB3-B52B-62F07A800D6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{2BED2516-B23A-496D-8F88-5C502CE5C95A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{2C35FF16-A6DF-4F8C-80EA-6D62344C9337}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{2D623482-C84E-440D-9211-851FDE841712}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{2DFFAA10-DC5B-47E0-962B-EF6041FA7719}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F9914E6-1F10-45F4-9ED9-3AE2691244D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{36FAC7EC-E213-4A22-96CB-4285D31030B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{37E88C07-5D1B-4713-BC56-9B022EDA9420}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3BEF372C-4A0D-4679-A2BF-FEDC3C541984}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{3C35BFB0-2756-4991-A92A-856D4D794D36}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{4785500F-1BD5-4A92-AC3E-F7AEFC1E7220}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe |
"{4D33C54B-0622-4C36-B362-9D38DEA9665D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50F305A2-3D40-4FF0-829D-8A50ADF403F0}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{54CD4BB7-3D64-4380-A739-424CA63EE6F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{55383147-1355-4F0A-AE2A-2B55B3292BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{56F39AF5-B223-4B6B-B8DC-C5279FD3204D}" = protocol=6 | dir=out | app=system |
"{5ED1DD14-56E2-4191-87E2-99067C9F9C72}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{630C9EF0-6B62-400B-9753-D1DAD971416F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{650FD0A3-EFAA-4B3C-9328-B76FB721F18C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{66ECC681-1652-4028-9F59-BD546BD82EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{677F1D67-A7A2-490A-AF8B-D19A0F2F4461}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{6A0C0ED5-9DA0-40B1-93FC-ACA3E614E9DC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{6D6FD17F-204E-439D-832D-4B4DEB022818}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{6EBD8A73-0572-4812-9192-862BBD16C51A}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{6F846CD9-AF2A-48BE-919A-3C37CA85445E}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{71683CB2-FAE1-44CC-B10F-802D0E8280B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{730D4602-6949-47F3-B1EF-1C22F8CBF49B}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe |
"{745EF547-0A30-40F6-8014-3F5BACB4A128}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{768BC114-C62A-4D7E-84B6-69FB97EA2212}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{795DC155-CDE1-4536-91E1-AB7E62E9FEBC}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe |
"{7B25FE6B-C873-4557-B806-442EAB36F99B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{871EF9A3-3479-4518-AD61-ED64BE4B7A4B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{88D1A3E4-653E-46F6-B595-DBB67817D9C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{89D5D196-30AB-43D6-97DC-6100470B8756}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8B5586A8-C65A-454E-ADC2-EC19283433F5}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe |
"{90EF0363-106B-42A5-A9C5-7FEC1394F20E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{914F8EF7-763C-412C-A897-173C727BB31B}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe |
"{9244A2F4-9864-4ACC-994D-AB56DCDC070B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{934C35E6-D123-4AB3-B6B9-DA8BE21DCB80}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\autorun\exe\autorun.exe |
"{98A7E8B3-2D18-496E-B392-C25386A92B87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{99711329-94F9-4ED3-BEEC-84DD5788EAEF}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{9CC0FB12-05EF-4172-A506-2F70CB91EAC1}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe |
"{9CF76566-635A-4489-AA30-7E854B194BA5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{9D75A61E-E548-4BDB-B5AC-3B06CB34F262}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{9E7BBFB7-CE58-45C7-B480-A61C70A989C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{9E8C415C-15D8-40E2-A8E1-4F3B071589D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0E4F56E-7C84-49B6-B126-BF528C011FAB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A3249332-B2D3-4560-8052-88B6E6AA577C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A32558AA-AB0D-4373-B524-68EFDB3FF822}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\autorun\exe\autorun.exe |
"{A357D9A9-D0EA-4F4B-B356-03BCA3298119}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A4193757-6536-45C0-976D-AA99E8AE3BDF}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{A6E8C9C0-0AB6-468B-BE5A-004D649A993A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACF43B88-E1A4-4090-8409-067A7316C536}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe |
"{AEBFA30F-A1BA-43AC-BAA5-6D883E1199FB}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{AFED5F1F-4B33-4DA4-B61E-B97ECAE4FEC6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B0973B8A-17A0-4F7D-BA40-AF6BBD24014F}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe |
"{B0D5DA42-9183-43A2-AFA0-361BCAA99C41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{B1146405-F530-468C-B8D4-968FD73C34D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B658EC7D-51BD-4EA6-A6EB-6362ED6C1C4D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{B859B4AE-EA42-4AE5-9FBC-58BFF3C2D312}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe |
"{B9FA55CA-8E6C-4703-BFAD-985945B26147}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{BA013B6F-7DA1-456A-974E-5A40567808C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{BAC04B79-2A72-4027-B1E9-FD8DC15B46F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4ADB12D-6807-4DEB-BFFE-A83A77E4309B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{C7FB1433-EB97-4CF9-BCCA-E823240D0FFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAE2421B-E046-4A4C-AFEE-EC1EFD235928}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\bb.exe |
"{CEB0A88A-5AB2-47B2-AD9F-6D7D0F7A23CC}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe |
"{D3FCDD08-0635-4D8E-B704-E1201EF94885}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"{D6322BA2-7A07-46FA-A4F4-9059C637919C}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{D65BCC42-7CC9-4B35-97FA-4A0C15359889}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{D6BA9B7E-EA27-46B8-97C1-9062CD03A477}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\turbinelauncher.exe |
"{D819E08F-807B-4BF4-B33D-7455F7E39FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{DAF8107C-0C15-474B-88CF-3F9D228FC1BC}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{DC369620-F894-479B-9D8C-5312A3E43708}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{E3BA1EAE-3563-483F-B01B-6871D8319F6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{EADBE19F-2190-410A-AEEF-DAA166D90E4B}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{EC1C8233-CBF8-4B31-84C6-A962DDB747DB}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\blood bowl\autorun\exe\autorun.exe |
"{ED77F3EB-55EA-45E1-8CB0-5ED4BD615527}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{EEBEFCA9-EE45-4226-B986-8A6468635C65}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{F39762C0-D426-4B2B-ADB3-269650877835}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\autorun\exe\autorun.exe |
"{FB77328D-8798-407C-811A-60812F4F7C7B}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\turbinelauncher.exe |
"TCP Query User{100C7431-541D-425F-894E-58865773F24C}C:\users\alexander baumann\downloads\sto_demo_installer.exe" = protocol=6 | dir=in | app=c:\users\alexander baumann\downloads\sto_demo_installer.exe |
"TCP Query User{18DABBA7-D772-4DC3-AE55-0E8805A6CC88}C:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe |
"TCP Query User{5171CAC9-D768-443F-9FC3-442DD9D0E3C2}C:\users\alexander baumann\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\alexander baumann\appdata\local\temp\gw2.exe |
"TCP Query User{70A0EFB5-8B27-48EE-B6CF-BFC35F8A4EEC}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{7355803F-A7BB-44B9-9856-62F9B782884C}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"TCP Query User{876EC449-8411-4A27-8072-EA9AC4D21A32}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"TCP Query User{90C3472C-913F-46C2-9BA8-F8A96BEA0416}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{9FB8E69D-C6F3-482B-B141-0991C17CA34C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{A78DB199-752F-4DC1-A65E-8EFD74DE8B47}C:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe |
"TCP Query User{B1AE07DE-EE6C-44B7-93CD-344C6E882D89}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{B56F9FD9-037C-4401-BBBF-9FDA1D89C8E0}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
"TCP Query User{B8F3E165-067F-4963-8472-B96CE66B9559}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe |
"TCP Query User{C7653F86-C4A2-4C50-B83C-3D9A6A895065}C:\program files (x86)\jowood\the guild 2 - pirates of the european seas\guildii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jowood\the guild 2 - pirates of the european seas\guildii.exe |
"TCP Query User{C8B7E658-7354-45A0-926D-C66144B83655}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{D6937141-F92F-4D82-9F6C-88D706DB15DE}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{D99AC659-9EA3-4EFF-A740-945305759A82}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{0446F549-F9D8-4B1E-89C6-C6589102C5D3}C:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france 2011 - der offizielle radsport-manager\pcm.exe |
"UDP Query User{1B03D152-BA2B-4122-8EBA-9215B4F3ACF6}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe |
"UDP Query User{1D227637-D6EA-4B3F-89E8-82A2C5A0CB72}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{32415F18-7E4B-4E86-B16C-9F8191F37294}C:\users\alexander baumann\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\alexander baumann\appdata\local\temp\gw2.exe |
"UDP Query User{39EA454F-0DCB-4F19-AB02-568897287FC9}C:\program files (x86)\jowood\the guild 2 - pirates of the european seas\guildii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jowood\the guild 2 - pirates of the european seas\guildii.exe |
"UDP Query User{3EEAECBE-307F-4712-B986-A6CF6CFE8527}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{45DDEF59-6354-4C3D-9231-09B32355419C}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\conanpatcher.exe |
"UDP Query User{57E50C21-AF84-4553-BE25-3A98A191A738}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{5A635A50-9379-4D34-A550-4918B2B2A927}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{5B25A075-3CC8-4171-99B2-0284BFFBDFC3}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{6876BCE3-03A4-45D3-A831-383B4E230BFC}C:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\tour de france - saison 2008\pcm.exe |
"UDP Query User{726D0980-B979-44BE-8400-3BD021020C6C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{C38682E3-3AD4-46BF-AFCC-ECD1B13061D2}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{D065CEEB-0FBC-4AF1-B044-DB31F266062C}C:\program files (x86)\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\age of conan\ageofconan.exe |
"UDP Query User{E6705D14-546B-4150-91BE-262553FE2F00}C:\users\alexander baumann\downloads\sto_demo_installer.exe" = protocol=17 | dir=in | app=c:\users\alexander baumann\downloads\sto_demo_installer.exe |
"UDP Query User{F178C96A-5B0C-4D94-956E-2022D69A18DE}C:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars-the old republic\launcher.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62140B07-129A-2BD0-81D2-2A1A7408ADC8}" = ATI Catalyst Install Manager
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33E40F53-0CA2-4F7D-8BCE-577FAFB52799}_is1" = AoC QS.NET 2.4.1.0
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87464284-11C8-4F83-88EC-E8013320B789}" = AOC UI Installer 3.1.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"avast" = avast! Free Antivirus
"BloodBowl_is1" = Blood Bowl Version 1.2.0.1
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"EA Download Manager" = EA Download Manager
"EA Installer.-1797597899" = EA Installer
"EVE" = EVE Online (remove only)
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GameCenter" = GameCenter
"Guild Wars 2" = Guild Wars 2
"MagicDisc 2.5.77" = MagicDisc 2.5.77
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PKR" = PKR
"PokerStars" = PokerStars
"Premiumplay Codec-C" = Premiumplay Codec-C
"Pro Cycling Manager 2011_is1" = Tour de France 2011 - Der offizielle Radsport-Manager Version 1
"Steam App 8930" = Sid Meier's Civilization V
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-856751089-421654027-1046478264-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Tropico 4" = Tropico 4 1.00
========== Last 20 Event Log Errors ==========
[ Antivirus Events ]
Error - 22.01.2010 16:20:24 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description =
Error - 23.01.2010 10:55:51 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description =
Error - 25.01.2010 06:15:55 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description =
Error - 26.01.2010 16:59:31 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description =
Error - 27.01.2010 05:47:36 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description =
Error - 31.01.2010 16:59:47 | Computer Name = ALEXKISTE | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 05.09.2012 12:42:57 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-05 16:42:57 GMT FATAL: bogus data in lock file "postmaster.pid":
""
Error - 06.09.2012 13:55:28 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-06 17:55:28 GMT FATAL: bogus data in lock file "postmaster.pid":
""
Error - 07.09.2012 12:06:59 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-07 16:06:59 GMT FATAL: bogus data in lock file "postmaster.pid":
""
Error - 08.09.2012 00:54:17 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 04:54:17 GMT FATAL: bogus data in lock file "postmaster.pid":
""
Error - 08.09.2012 00:58:09 | Computer Name = ALEXKISTE | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PCCompanion.exe, Version: 2.0.0.0,
Zeitstempel: 0x4ea164bd Name des fehlerhaften Moduls: Device.dll, Version: 1.0.0.1,
Zeitstempel: 0x4ec38ef4 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00052b22 ID des fehlerhaften
Prozesses: 0x2dc Startzeit der fehlerhaften Anwendung: 0x01cd8d7e7605585e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC
Companion\Device.dll Berichtskennung: c85465eb-f971-11e1-ba3e-20cf30a4d5f2
Error - 08.09.2012 08:34:50 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 12:34:50 GMT FATAL: bogus data in lock file "postmaster.pid":
""
Error - 08.09.2012 08:46:09 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 12:46:09 GMT FATAL: bogus data in lock file "postmaster.pid":
""
Error - 08.09.2012 10:34:56 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 14:34:56 GMT FATAL: bogus data in lock file "postmaster.pid":
""
Error - 08.09.2012 10:44:22 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 14:44:22 GMT FATAL: bogus data in lock file "postmaster.pid":
""
Error - 08.09.2012 11:44:43 | Computer Name = ALEXKISTE | Source = PostgreSQL | ID = 0
Description = 2012-09-08 15:44:43 GMT FATAL: bogus data in lock file "postmaster.pid":
""
[ System Events ]
Error - 08.09.2012 11:50:02 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.09.2012 11:51:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.09.2012 11:51:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.09.2012 11:51:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.09.2012 11:56:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.09.2012 11:56:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.09.2012 11:56:36 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.09.2012 11:58:44 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.09.2012 11:58:44 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.09.2012 11:58:44 | Computer Name = ALEXKISTE | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
|
|
08.09.2012, 19:15
| #2 |
| /// Helfer-Team  | BKA-Trojaner (inkl. Logs) Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{920C7765-B952-4555-9876-6B347F1814B2}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQr290tVy&i=26
IE - HKU\S-1-5-21-856751089-421654027-1046478264-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: crossriderapp435@crossrider.com:0.83.61
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: crossriderapp435@crossrider.com:0.78.35
FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-856751089-421654027-1046478264-1001\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe ()
O27:64bit: - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe ()
O27 - HKLM IFEO\ageofconan.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe ()
O27 - HKLM IFEO\ageofconandx10.exe: Debugger - C:\Program Files (x86)\AoCQS\AoCQS.Launch.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{74276017-f562-11de-9930-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74276017-f562-11de-9930-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{a3d9f9a7-30a2-11e1-9f31-20cf30a4d5f2}\Shell - "" = AutoRun
O33 - MountPoints2\{a3d9f9a7-30a2-11e1-9f31-20cf30a4d5f2}\Shell\AutoRun\command - "" = G:\Startme.exe
[2012.09.08 16:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\dbfafzykueigiqk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2012.09.08 16:28:25 | 000,076,358 | ---- | M] () -- C:\ProgramData\itzxwkghinltzfo
[2012.03.12 04:57:22 | 000,002,203 | ---- | M] () -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\firefox\profiles\oahuc9ne.default\searchplugins\MyStart Search.xml
[2012.08.06 23:35:26 | 000,002,519 | ---- | M] () -- C:\Users\Alexander Baumann\AppData\Roaming\mozilla\firefox\profiles\oahuc9ne.default\searchplugins\Search_Results.xml
[2009.12.30 21:30:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Alexander Baumann\AppData\Local\{*}
C:\Users\Alexander Baumann\AppData\Local\Temp\*.exe
C:\Users\Alexander Baumann\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
__________________ |
|
27.10.2012, 04:44
| #3 |
| /// Helfer-Team | BKA-Trojaner (inkl. Logs) Fehlende Rückmeldung
__________________Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________ |
|
| Themen zu BKA-Trojaner (inkl. Logs) |
| adobe, affiliate.downloader, autorun, browser, firefox, flash player, helper, home, install.exe, langs, launch, logfile, mozilla, nvidia update, officejet, pirates, plug-in, pup.codec.pr, pup.crossfire.gen, realtek, registry, scan, security, svchost.exe, teamspeak, trojan.phex.thagen, trojan.phex.thagen9, usb, wma |
Linear-Darstellung
