Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: ibvuy.exe und eweb.exe Malware?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.03.2013, 13:39   #1
g1ve
 
ibvuy.exe und eweb.exe Malware? - Standard

ibvuy.exe und eweb.exe Malware?



Seit einiger Zeit reagiert mein PC langsamer und er brauch auch länger beim Starten.
Dann hab ich in der Systemkonfiguration gesehehn das diese beiden Dateien gestartet werden.

hxxp://s7.directupload.net/file/d/3206/dddvkzse_png.htm

Ich habe Malwarebytes installiert und durchlaufen lassen. Nachdem Scan und dem Fund von 5 Dateien habe ich einen Pc-Neustart getätigt und danach startete mein Windows garnicht mehr, erst nachdem ich im abgesichterten Modus Malwarebytes deinstallierte ging es wieder.

defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:45 on 26/03/2013 (Andrej)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26/03/2013 13:51:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrej\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
8,00 Gb Total Physical Memory | 6,57 Gb Available Physical Memory | 82,13% Memory free
15,99 Gb Paging File | 14,48 Gb Available in Paging File | 90,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 41,22 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,50 Mb Free Space | 71,50% Space Free | Partition Type: NTFS
Drive F: | 931,41 Gb Total Space | 575,70 Gb Free Space | 61,81% Space Free | Partition Type: NTFS
 
Computer Name: ANDREJ-PC | User Name: Andrej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/26 13:51:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
PRC - [2013/03/06 16:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/02/22 16:16:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/22 16:16:12 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/02/22 16:16:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/15 15:08:44 | 003,818,264 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/01/06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/04/06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 20:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/13 19:52:13 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 23:09:18 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/06 16:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/02/22 16:16:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/22 16:16:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/15 15:08:44 | 003,818,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/01/19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/03/28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2009/08/10 15:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/08/10 15:01:04 | 000,626,208 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/02/22 16:16:41 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/02/22 16:16:41 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/02/22 16:16:40 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/02/12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/10 04:13:34 | 000,025,600 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2012/10/10 04:13:32 | 000,023,040 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2012/09/19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/19 09:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/09/18 07:21:54 | 000,112,640 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/25 08:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 08:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/18 22:42:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/12 16:12:01 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2010/08/12 13:10:24 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/07/22 17:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/07/13 15:12:28 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/07/13 15:12:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/06/27 10:59:19 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/03/23 15:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/21 20:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/11/01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 08:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/08/23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/10 14:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 13:34:54 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029unic.sys -- (s1029unic)
DRV:64bit: - [2009/05/25 13:34:54 | 000,139,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mgmt.sys -- (s1029mgmt)
DRV:64bit: - [2009/05/25 13:34:54 | 000,135,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009/05/25 13:34:52 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009/05/25 13:34:52 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029nd5.sys -- (s1029nd5)
DRV:64bit: - [2009/05/25 13:34:50 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009/05/25 13:34:48 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1029bus.sys -- (s1029bus)
DRV:64bit: - [2006/11/09 21:46:14 | 000,007,040 | ---- | M] (SweetLow) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf)
DRV:64bit: - [2005/11/07 13:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=cd79cd0e-fb8e-47d6-9eae-0773b5f10328&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 9E 97 FA 78 05 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=cd79cd0e-fb8e-47d6-9eae-0773b5f10328&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: zigboom%40hotmail.com:2.0.8
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/12 19:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/12 19:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 23:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 23:09:17 | 000,000,000 | ---D | M]
 
[2010/05/27 16:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\Extensions
[2013/03/25 11:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\hr6ei54z.default-1364161199406\extensions
[2013/03/25 11:01:56 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\Andrej\AppData\Roaming\mozilla\Firefox\Profiles\hr6ei54z.default-1364161199406\extensions\zigboom@hotmail.com
[2013/03/24 22:41:16 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\firefox\profiles\hr6ei54z.default-1364161199406\extensions\elemhidehelper@adblockplus.org.xpi
[2013/03/24 23:01:46 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Andrej\AppData\Roaming\mozilla\firefox\profiles\hr6ei54z.default-1364161199406\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/08 23:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 23:09:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/01/07 00:51:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/09/06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/09/06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/09/06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/09/04 23:22:54 | 000,417,891 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14417 more lines...
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14B5B853-EC60-41EA-9EA2-727F82695BCA}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DF2D8DC-9B12-4FF1-9251-F57E57767C57}: DhcpNameServer = 83.169.184.225 83.169.184.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97B0C724-273D-4CC5-AF8C-15CE480C9E4E}: DhcpNameServer = 83.169.184.225 83.169.184.161
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7a3b2496-6fa4-11e2-ab3a-5404a6b492c4}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3b2496-6fa4-11e2-ab3a-5404a6b492c4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8681c649-69ab-11df-b0f7-00248cc1b80b}\Shell - "" = AutoRun
O33 - MountPoints2\{8681c649-69ab-11df-b0f7-00248cc1b80b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f1baf590-81d2-11df-a38a-00248cc1b80b}\Shell - "" = AutoRun
O33 - MountPoints2\{f1baf590-81d2-11df-a38a-00248cc1b80b}\Shell\AutoRun\command - "" = H:\hmh-nfsmw.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/26 13:51:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2013/03/25 11:10:25 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Malwarebytes
[2013/03/25 11:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/25 11:10:06 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Local\Programs
[2013/03/24 18:50:03 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Wougux
[2013/03/24 18:50:03 | 000,000,000 | ---D | C] -- C:\Users\Andrej\AppData\Roaming\Avni
[2013/03/16 15:05:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/03/16 15:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/16 15:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/14 21:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013/03/14 21:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/03/14 21:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/03/13 17:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/08 23:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/06 20:24:36 | 000,000,000 | ---D | C] -- C:\Users\Andrej\Desktop\Bewerbung
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/26 13:52:38 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 13:52:38 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 13:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/26 13:51:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrej\Desktop\OTL.exe
[2013/03/26 13:47:26 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/03/26 13:47:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/26 13:47:16 | 2145,951,743 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/26 13:45:56 | 000,000,020 | ---- | M] () -- C:\Users\Andrej\defogger_reenable
[2013/03/26 13:45:03 | 000,050,477 | ---- | M] () -- C:\Users\Andrej\Desktop\Defogger.exe
[2013/03/25 17:47:48 | 000,168,495 | ---- | M] () -- C:\Users\Andrej\Desktop\bookmarks.html
[2013/03/14 15:15:25 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/14 15:15:25 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/14 15:15:24 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/14 15:15:24 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/14 15:15:24 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/26 13:45:56 | 000,000,020 | ---- | C] () -- C:\Users\Andrej\defogger_reenable
[2013/03/26 13:45:03 | 000,050,477 | ---- | C] () -- C:\Users\Andrej\Desktop\Defogger.exe
[2013/03/25 17:47:48 | 000,168,495 | ---- | C] () -- C:\Users\Andrej\Desktop\bookmarks.html
[2012/11/08 21:31:55 | 000,003,987 | ---- | C] () -- C:\Users\Andrej\AppData\Local\recently-used.xbel
[2012/08/13 22:22:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012/06/24 14:55:41 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/06 12:57:14 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012/05/03 03:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/03/09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/06 20:46:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/01/06 20:46:01 | 000,042,494 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/11/27 16:05:55 | 000,043,196 | ---- | C] () -- C:\Users\Andrej\Yu-Gi-Oh! - Worldwide Edition.sgm
[2011/11/27 14:22:33 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/12 19:07:58 | 000,252,680 | ---- | C] () -- C:\Windows\UTP.exe
[2010/12/01 20:41:34 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/18 12:44:19 | 000,000,000 | ---- | C] () -- C:\Users\Andrej\AppData\Roaming\chrtmp
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/02/18 17:16:08 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\aicon
[2010/07/18 11:23:31 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Atari
[2011/02/13 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Audacity
[2013/03/25 11:00:28 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Avni
[2010/06/27 11:04:01 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DAEMON Tools Lite
[2012/09/22 17:12:06 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DVDVideoSoft
[2011/07/17 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/10 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Foxit Software
[2010/08/24 11:51:54 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\GHISLER
[2013/02/10 18:43:49 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\HLSW
[2012/07/15 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\HTC
[2012/07/15 22:12:00 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/08/16 21:45:33 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\HWM BlackBox
[2012/08/16 21:41:30 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\ICQ
[2012/02/26 00:25:01 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Ilohot
[2010/06/14 18:31:48 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\ImgBurn
[2012/02/21 20:02:50 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Leadertech
[2010/12/12 19:53:23 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Local
[2011/12/18 22:37:41 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Octoshape
[2012/05/29 18:45:38 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\OpenCandy
[2010/06/08 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\OpenOffice.org
[2012/02/19 13:04:09 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Piumle
[2010/10/26 18:59:06 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Razer
[2011/05/12 19:38:21 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Stardock
[2011/05/13 14:59:56 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Stealth Software
[2012/01/27 14:41:20 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\TeamViewer
[2012/05/06 12:57:58 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Tobit
[2013/03/24 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\TS3Client
[2010/11/15 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Win32
[2013/03/24 18:50:03 | 000,000,000 | ---D | M] -- C:\Users\Andrej\AppData\Roaming\Wougux
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


ExtrasOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26/03/2013 13:51:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrej\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
8,00 Gb Total Physical Memory | 6,57 Gb Available Physical Memory | 82,13% Memory free
15,99 Gb Paging File | 14,48 Gb Available in Paging File | 90,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 41,22 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,50 Mb Free Space | 71,50% Space Free | Partition Type: NTFS
Drive F: | 931,41 Gb Total Space | 575,70 Gb Free Space | 61,81% Space Free | Partition Type: NTFS
 
Computer Name: ANDREJ-PC | User Name: Andrej | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0146AA3B-4851-4EB6-B545-DFD273108095}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{089040FD-BA2B-4290-9140-3B838562FE7D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1700D58A-FEB2-465E-9FF4-CF4C3CAA54A2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{208B09EB-24F0-4B65-8F31-7BCDBCC910A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{24771750-E250-4F01-A39F-8A95C96FF5BE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2FDF0D92-F304-47F2-8EDA-99B3B85779A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31A294C3-C868-4599-8768-667152DBC8BC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3B380710-683C-42B5-98CE-691C82DF112D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3EE749DC-E196-4CCA-AAC1-A768CE77E8E3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{475CC909-411C-495F-B19D-76AF5069C0F8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4BFC6D6B-3A10-4BE7-97CA-0A85F6A8354E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4DBF3182-B424-4681-B57A-A4483B0DBE8F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4DCDD14C-26DB-480D-86C1-A7AEE24A648D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5DF258F7-2122-4292-949F-C5E393BF5A54}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6AC7641D-20FE-46D1-BDDB-E966EC02FC26}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{77F7B876-A239-42D8-BE7B-E8B7A8757FAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{83EAD9C1-3992-4A55-9726-0094C9576CED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9B38A85C-A918-40A8-BE5F-47F3CC06535F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B1009525-1C5B-4B6C-9B8B-6E1F6DBEAD00}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BD538488-3DFC-4D49-90B4-A5A243C911ED}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C1D02D2B-1D36-4CE9-A6C8-A0B5B6F26BB4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C484147E-4065-4B33-A23E-EC57C712A41C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C4EE987C-2A8E-4123-983B-E86BDEF6F75E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3F18D53-3296-4E48-A546-100DD3230F8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D7A75608-3E58-4498-BCC3-587E2126DAC6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E121F759-1BA4-4EB0-8A00-7D6FFAD44794}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E243EBB4-E378-4B1B-967D-579467098A09}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E8B44B36-CF0F-4169-9095-F0B802B77179}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ED5F6D90-D54F-468D-BA1B-24289B7E6C81}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EEBC304C-C515-4F7E-9DF0-F3414A96CEEA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EEF6014F-3C49-48B7-A13F-84E2E6A5BF75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F389156F-D806-43C8-914B-8F1CCD2C646E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F68D0637-ABBD-45D3-B95F-2E246310B081}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005F4348-12E9-495E-B6BD-8D47D4314EFF}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{03A1A6E2-D2E9-4D84-80F7-6E97E22E095C}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\condition zero\hl.exe | 
"{070D73AD-5478-4B36-A3AE-FBB915F244E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0EA75D09-4B47-47EF-A921-0AC17B418A38}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{10B0C5AB-5F6E-46F1-B01A-5639CE7F8F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{111D0D3D-D273-4328-B7A4-9B6633A38EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{121B45F9-4CA1-492E-AAE4-8616C232D1C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{12962FE0-B04C-48E2-9B8C-E638BC938B4E}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike\hl.exe | 
"{13D6FF26-E9A7-4C0F-B8DB-CF47434C64C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{13F75D61-BD4D-4E3B-BBDC-339E133023AC}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | 
"{16FCF791-C3A8-4CD3-A76F-0AAD834DB711}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\source sdk base 2007\hl2.exe | 
"{1C5B01A3-88F9-4C64-8B5A-DDC209E06250}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{1C6CD356-7BBF-4B36-A583-A5A708A34AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\half-life\hl.exe | 
"{1DC3C972-CF92-4D7B-9BC2-3EBC1D87B258}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{21133D76-B4F5-423D-AD57-1D3935F7EEB8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{246A065D-6307-4E72-897D-63C20B2AC907}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{2526D6F6-3110-44EA-86D4-122587166DCE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{255E3D61-C577-405A-9143-65D55D55A13E}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike\hl.exe | 
"{2BB958C7-6C5F-4904-99D8-C8DC56667555}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{30A881DF-467E-44C8-A5EA-06D874E6DF48}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike source\hl2.exe | 
"{34FC279A-9FAB-4A39-A3FF-37340F9CAA47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{38728CB5-FF99-4212-9514-B18E9B8A119A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{394B62F7-046C-4A97-8E79-88CCA17D3A96}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\source sdk base 2007\hl2.exe | 
"{3BFE33AC-B837-467D-9713-E6AB9C17C30E}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{3E8A75A9-A4A6-4DC2-ACF0-A4B3CD30291B}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | 
"{3FE68242-DCD9-4993-8DE4-36152D0EF812}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40EDC956-2569-4266-B579-7F7825E22E0C}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike source\hl2.exe | 
"{434AD24F-1EFA-401B-91A2-DE44E1559734}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4681C7BD-573B-4779-9DDA-85D8F1757913}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\medal of honor beta\mohmpgame.exe | 
"{480FB7FF-84EE-4386-ABD2-13004D18D595}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{486AAE20-D36C-4863-82DE-F5E6C1BFB1BD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{49D48860-826A-4079-AF7F-D024749BF00E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{4D046F82-76E5-46B4-B26A-7C96F6F55AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\condition zero\hl.exe | 
"{4D548E84-D97F-407F-9940-43B1F6C0DDD7}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | 
"{50799525-4E08-40D6-BAF1-ACE9466C22CA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{53C871DD-B900-4254-9B89-E46D27CFBF71}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{54E6A3D3-7A38-4457-9068-7318483FF900}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{55803014-18DF-4F61-8E3E-B79CA2FC61C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{579CFFF9-CF5E-4BD3-83E0-D5A505127CE3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{58E39BA5-4A05-4543-B42D-438F89D58909}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{5CBC8DF7-66FC-4FB4-944A-7DB78D97EEC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5E36D6D4-F1CE-4ECE-9D9B-5CD967FB1290}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6236E00A-3154-4AC4-A5CB-1921A1CC0407}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\condition zero\hl.exe | 
"{647BE906-0AD6-4AB9-A896-4A0EC6EFE7C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{656D500B-8797-43FB-8AB5-C43FEB34367E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{66263884-18FA-4AC3-85EB-33F2775BE4EB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{67706A32-62FD-4F19-B09B-C6197F5CA824}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6C16D304-B4BB-4703-A55D-2B43A41B5D18}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6C7DB246-5AE4-4F20-98A6-3920B8768465}" = protocol=1 | dir=in | name=hlsw icmp | 
"{6CFC16B0-7149-46E8-B3A5-E064BF675FF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{71127F82-E90C-4A1D-96C0-C7CC3AA674A2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{715A2D24-D9F7-4515-A21E-847E699D7113}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72201D0A-9F9B-49EF-80E0-A81B77036672}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{725615DB-E253-4017-9EA8-5F41AE94F31F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{72601D2F-6BA5-4C03-9AC8-53D31579A56B}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{76E7DCF5-906A-4F2F-BABA-8BBD06E42545}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{77C5EEAD-00D6-43F8-BFD5-D80C1CD6072F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{79BE81E5-5BA3-4FA4-94B9-D09CCCC22723}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\medal of honor beta\mohmpgame.exe | 
"{7B13F615-D41A-4B60-958A-48D35EE749AE}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{7DF380B3-D969-4B87-B611-7CBBEA3C18FA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{809C5965-7A84-4FBD-A090-0156C68B2882}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{81D3D7B8-67BC-4485-9CC3-A6D2575C993A}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\half-life\hl.exe | 
"{835178FD-8AB2-4431-AFB0-4DF2E5C4D9AC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{854F2533-B95A-4ACE-B501-B026B5C1874C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{860071F2-1BA0-4831-ABBB-8FC189995D9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{86025FBD-5641-424A-8B38-886A7EEFA13B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{869204D2-6994-4633-97F8-04375DF6A1B7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{88071445-ADFD-4808-86B6-DA5F815992EA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8A858C15-D6AE-4189-933E-E2A3772C41DF}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{8C1F838C-9C6E-49E6-B994-025A6229DC34}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{8E482589-D6F9-474B-B6B8-024ABE128C34}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike\hl.exe | 
"{96C42CB9-3149-4899-84B1-38E76E22421C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9AAE819F-BF83-468D-BEF6-6346CCE69AD8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9B457217-16EA-49DA-A66E-2F22E8C4D8FB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{9D8ADE70-8157-4273-BB66-CE5B476A8CF3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A1E56241-0317-4C23-BE62-BBC254D42208}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | 
"{A2F4B9A1-9D6D-45D2-9026-7DDF6AB3990F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{A3050FE8-7FF5-4930-84C9-DAD2BA921C22}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{ABF45638-F61C-446D-98D3-8AFFED1D62CD}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike\hl.exe | 
"{AC30B197-6DD1-4594-A7F9-877C4E4638ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ADA43E1C-C34C-4ACE-BF65-27E9DDF90509}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\medal of honor beta\support\ea help\electronic_arts_technical_support.htm | 
"{B5CE7F8B-A91F-426E-8BE5-D06BF3F49AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{B717AE30-3EC7-47D6-B948-74D376819CF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BF71DF4A-E676-4564-9099-074B7F99A730}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{C19EBEA3-122F-4A4E-97B3-C65599AA8096}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike source\hl2.exe | 
"{C4F38411-B9A1-4557-81D0-37BCB210CB9D}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"{CC642A53-13F1-4319-82BA-BE5ACD302D22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | 
"{CD687EA2-EB6C-4947-88F1-8F59643A385A}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\medal of honor beta\support\ea help\electronic_arts_technical_support.htm | 
"{CEE0DBAA-C0E5-4A88-AF2E-3B69155B2435}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D52B62A6-2870-4327-8AA7-814CD803C5B7}" = protocol=6 | dir=out | app=system | 
"{D6DCBB25-02B8-49F3-BE37-027E3F1E0E59}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{DA641CA2-A0E6-4C6D-B7D7-298184587F5F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DB645E56-D333-43CB-85E9-B21FD22D1C9A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DBE177A7-0E29-49CB-84D9-634814A1C262}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DDC5BE4A-56C6-4F22-8C6A-3C7FFA964186}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E1718C76-028F-4CE2-B75B-5E10A4281217}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\condition zero\hl.exe | 
"{E2789AF5-A79E-472D-9749-3D1CD821C87B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E284B53E-85C2-4B99-95E9-AC7D29EE3247}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E533375A-88E5-4406-8BC6-A748318695A5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E8A81073-A4DB-4FA4-BB43-16D45F6DBA43}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\thesuhlerking\counter-strike source\hl2.exe | 
"{E91D5E3A-9D1A-4415-89D0-B628D4B0D14E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F0AF31D1-7700-47C3-A533-A8D001818BDC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{F48DDDD7-11DD-4763-A11C-11986309FA44}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{F6261194-1499-4355-9CA4-B44E5A989049}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | 
"{F671DEE4-A170-429D-BCF9-FD1D72D9F61D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F7F8D929-0408-4129-B92F-7610681B147A}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{FA780519-8BB4-448F-9BD1-732B1B2DF72B}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe | 
"{FB4FD126-9F58-4264-8CE4-E76A8B220CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe | 
"TCP Query User{42E7B0EF-FC21-42F6-A48B-8D8C3E5DA601}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{4C4F4472-FD27-43FD-8A28-66BED1820D96}F:\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=f:\dishonored\binaries\win32\dishonored.exe | 
"TCP Query User{54F29303-4280-4E57-972B-E943694F92B2}F:\need for speed most wanted\nfs13.exe" = protocol=6 | dir=in | app=f:\need for speed most wanted\nfs13.exe | 
"TCP Query User{5AE45675-9964-4D71-98BD-B961C0F2F844}C:\program files (x86)\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"TCP Query User{60808808-A747-45FE-B839-CA1BE43757B1}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"TCP Query User{610E21FF-E784-4872-9FA2-F403C15EC252}C:\users\andrej\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\andrej\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{6D5FF3D3-9108-4664-A1C2-F10721C7909E}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{6D8CD361-F685-4B0C-B937-427DD593680D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{72D7CF61-139E-46FB-A754-6822D1965EC6}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"TCP Query User{7B173009-F956-47BC-AA69-BFC9563D8607}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{8B67A1A3-7AA0-4F11-8F8B-63596D0A654E}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | 
"TCP Query User{BC498C4E-865D-4D52-B662-8226101AA9AE}C:\users\andrej\appdata\roaming\exka\ibvuy.exe" = protocol=6 | dir=in | app=c:\users\andrej\appdata\roaming\exka\ibvuy.exe | 
"TCP Query User{CCDA4921-649E-4E4C-8AE2-F6B205779D6A}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | 
"TCP Query User{CF84C10A-AF82-4C4E-9792-D70916882265}C:\program files (x86)\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | 
"TCP Query User{D130BFB0-4BB7-400C-B2A7-88C321941E95}C:\users\andrej\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\andrej\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{DD7E8AE6-A885-4019-B460-A74A0627BC3F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{E368B8F3-39B3-4475-9709-DE0B075029B4}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{EE6F9846-BB6F-4942-A89A-8B6D7208A594}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{F02D396F-5CF5-4F44-8B1F-B71B5B6540A2}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{1F58D303-6C5E-4131-9E57-ED4C975C784B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{29139236-53EE-40C8-991A-83ABB1AD75F5}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | 
"UDP Query User{2CD4AAF1-3D21-45B3-B831-FB2E5D9D4E25}F:\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=f:\dishonored\binaries\win32\dishonored.exe | 
"UDP Query User{2DCBA9DE-4592-4B25-9466-3CB2F2935048}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | 
"UDP Query User{528065DB-7B6D-45DC-A850-72AFE1B67D20}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"UDP Query User{52F0FA4C-EBC1-4261-B37D-265199E942A6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{56087845-8CC4-4514-A62C-55FF85CAEE1C}C:\program files (x86)\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | 
"UDP Query User{619E3064-0BB0-4301-987F-E70A5935F4F7}C:\users\andrej\appdata\roaming\exka\ibvuy.exe" = protocol=17 | dir=in | app=c:\users\andrej\appdata\roaming\exka\ibvuy.exe | 
"UDP Query User{61EC3480-6AF1-4CA6-9A64-C326859898A1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{77246D0C-3E19-4B1E-B8AD-2EEC5AAE8244}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{7A7B80B3-6BBE-4D00-A876-6E5739AB1A30}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{8723E879-8EE1-46FF-9AA7-294C5958F193}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"UDP Query User{9A571029-C236-493B-BCA3-1E142AAD053F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{E56E4853-6B06-45F7-9D8D-B6023B366851}C:\users\andrej\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\andrej\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{E64C0F07-38A9-4C93-8CE8-4030F8330457}C:\users\andrej\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\andrej\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{EE6AC2C0-7874-4CF1-9A9F-BEEFCB3931EF}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe | 
"UDP Query User{F8FE8046-F076-4B28-877D-80B591BF8ADF}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{FBAACC04-8C98-4BBB-805D-F0060BFA57D9}F:\need for speed most wanted\nfs13.exe" = protocol=17 | dir=in | app=f:\need for speed most wanted\nfs13.exe | 
"UDP Query User{FC4671C8-8A80-4DB9-8E28-CF93170F1897}C:\program files (x86)\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"My Lockbox_is1" = My Lockbox 2.9.7
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta_is1" = Audacity 1.3.12
"Avira AntiVir Desktop" = Avira Free Antivirus
"conduitEngine" = Conduit Engine 
"Dishonored_is1" = Dishonored
"DivX Setup.divx.com" = DivX-Setup
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"HLSW_is1" = HLSW v1.4.0.2
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Basic)
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 10" = Counter-Strike
"Steam App 80" = Counter-Strike: Condition Zero
"TeamViewer 7" = TeamViewer 7
"TeamViewer 8" = TeamViewer 8
"Theme Manager (Free)" = Theme Manager (Free)
"Tobit Radio.fx Server" = Radio.fx
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24/03/2013 17:16:06 | Computer Name = Andrej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d14    Startzeit: 
01ce28d4a962d192    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 0717e80d-94c8-11e2-8ce5-5404a6b492c4  
 
Error - 24/03/2013 17:39:09 | Computer Name = Andrej-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 52c    Startzeit: 
01ce28d7ea25512d    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 406623a2-94cb-11e2-8ce5-5404a6b492c4  
 
Error - 24/03/2013 17:55:14 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x75c  Startzeit der fehlerhaften Anwendung: 0x01ce28ced0579f75
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 812ded31-94cd-11e2-8ce5-5404a6b492c4
 
Error - 24/03/2013 18:24:08 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x754  Startzeit der fehlerhaften Anwendung: 0x01ce28da7444479d
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 8aad77e4-94d1-11e2-a7d2-5404a6b492c4
 
Error - 25/03/2013 06:35:15 | Computer Name = Andrej-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25/03/2013 08:24:48 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x754  Startzeit der fehlerhaften Anwendung: 0x01ce293d5bb1e68e
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 fb3f7089-9546-11e2-9896-5404a6b492c4
 
Error - 25/03/2013 12:45:46 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a1d3  Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814,
 Zeitstempel: 0x5138a0ed  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00172818  ID des fehlerhaften
 Prozesses: 0x1228  Startzeit der fehlerhaften Anwendung: 0x01ce2977c5b45648  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 70404638-956b-11e2-9c51-5404a6b492c4
 
Error - 25/03/2013 14:24:06 | Computer Name = Andrej-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25/03/2013 16:05:45 | Computer Name = Andrej-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4f7e4d8c  Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0,
 Zeitstempel: 0x4f55e10b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000033c1
ID
 des fehlerhaften Prozesses: 0x714  Startzeit der fehlerhaften Anwendung: 0x01ce297767419582
Pfad
 der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
Berichtskennung:
 605c1ce9-9587-11e2-9c51-5404a6b492c4
 
Error - 25/03/2013 17:22:25 | Computer Name = Andrej-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 25/03/2013 16:19:46 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25/03/2013 16:19:46 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25/03/2013 16:19:46 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25/03/2013 16:19:46 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25/03/2013 16:19:48 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25/03/2013 16:19:48 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25/03/2013 16:19:48 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25/03/2013 16:21:35 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv05
 
Error - 26/03/2013 08:12:08 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv05
 
Error - 26/03/2013 08:47:54 | Computer Name = Andrej-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv05
 
 
< End of report >
         
--- --- ---

Gmer

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-26 14:24:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAD 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Andrej\AppData\Local\Temp\ugdiqpob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076991465 2 bytes [99, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000769914bb 2 bytes [99, 76]
.text  ...                                                                                                                              * 2
.text  C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[1996] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   00000000765c87b1 5 bytes JMP 000000010065e3e0
.text  C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000076991465 2 bytes [99, 76]
.text  C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe[1996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       00000000769914bb 2 bytes [99, 76]
.text  ...                                                                                                                              * 2
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2552] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69      0000000076991465 2 bytes [99, 76]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2552] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155     00000000769914bb 2 bytes [99, 76]
.text  ...                                                                                                                              * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                              C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                              0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                              0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                           0x3A 0x03 0x7C 0xA2 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                        
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                     0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                  0x90 0x98 0x5C 0x4D ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                             0x92 0x3E 0x42 0x37 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                             
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                  C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                  0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                  0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                               0x3A 0x03 0x7C 0xA2 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                    
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                         0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                      0x90 0x98 0x5C 0x4D ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)               
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                 0x92 0x3E 0x42 0x37 ...

---- EOF - GMER 2.1 ----
         
--- --- ---

Geändert von g1ve (26.03.2013 um 13:55 Uhr) Grund: Änderung

Alt 26.03.2013, 15:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ibvuy.exe und eweb.exe Malware? - Standard

ibvuy.exe und eweb.exe Malware?



Hallo und

Zitat:
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 26.03.2013, 18:04   #3
g1ve
 
ibvuy.exe und eweb.exe Malware? - Standard

ibvuy.exe und eweb.exe Malware?



Eigentlich hab ich mir nichts dabei gedacht mit der Windows-Version, mir wurde das damals so empfohlen und fertig.

Malware

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.25.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Andrej :: ANDREJ-PC [Administrator]

Schutz: Aktiviert

25/03/2013 21:12:48
mbam-log-2013-03-25 (21-12-48).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212361
Laufzeit: 2 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Avira Log

Code:
ATTFilter
Die Datei 'C:\Users\Andrej\AppData\Local\Temp\tmp3b681154\234.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.73728.247' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59983d01.qua' verschoben!

In der Datei 'C:\Users\Andrej\AppData\Local\Temp\tmp3b681154\234.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.73728.247' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
         
__________________

Alt 26.03.2013, 21:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ibvuy.exe und eweb.exe Malware? - Standard

ibvuy.exe und eweb.exe Malware?



Zitat:
mir wurde das damals so empfohlen und fertig.
Das finde ich als Erklärung etwas dürftig. Warum wurde das von wem empfohlen, warum brauchst du als als privater Anwender oder bist du kein reiner privater Anwender?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.03.2013, 11:43   #5
g1ve
 
ibvuy.exe und eweb.exe Malware? - Standard

ibvuy.exe und eweb.exe Malware?



Doch ich hab privater Anwender aber als mir mein PC Zusammengestellt wurde hatte man mir gesagt mit 8Gb Arbeitsspeicher bräuchte man das. Abgesehen davon tut das irgendwas zur Sache meines Problems?


Alt 27.03.2013, 15:06   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ibvuy.exe und eweb.exe Malware? - Standard

ibvuy.exe und eweb.exe Malware?



Nun beantworte bitte die Fragen. Nach der Größe des Arbeitsspeichers hab ich nicht gefragt, ich wollte wissen warum du eine ultimate edition hast und warum du diese brauchst - es sei denn du nutzt diese Kiste nicht nur rein privat.

Wer hat dir diese Edition aufgeschwatzt? Nur um 8 GB RAM nutzen zu können braucht man kein ultimate. Entscheidend ist 32 oder 64 bit
__________________
--> ibvuy.exe und eweb.exe Malware?

Antwort

Themen zu ibvuy.exe und eweb.exe Malware?
acedrv05.sys, antivir, application/pdf:, avg, avira, bho, black, converter, error, firefox, flash player, format, install.exe, jdownloader, logfile, malware, metin2, mozilla, mp3, realtek, registry, required, richtlinie, rundll, safer networking, scan, security, server, software, svchost.exe, teamspeak, udp, usb, windows



Ähnliche Themen: ibvuy.exe und eweb.exe Malware?


  1. Unistall-Vo-package (Malware/Virus?) bei Win7 64 bit /Malware-Adware gelöscht -Danke!
    Lob, Kritik und Wünsche - 06.07.2014 (1)
  2. GDATA und Malware Bytes Anti Malware Premium sinnvoll
    Antiviren-, Firewall- und andere Schutzprogramme - 20.06.2014 (1)
  3. Win7, firefox startet nicht, Malware laut Malwarebytes Anti-Malware, Security.Hijack
    Log-Analyse und Auswertung - 30.03.2014 (9)
  4. Malware Anti-Malware Scan meldet: pup.optional.opencandy
    Log-Analyse und Auswertung - 06.03.2014 (15)
  5. Trojaner und Malware auf meinem Laptop! Malwarebytes Anti-Malware hat 733 aufgespuert
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (19)
  6. malware: antivirus security pro -anty-malware lässt sich nicht installieren
    Plagegeister aller Art und deren Bekämpfung - 03.10.2013 (15)
  7. Malware trotz OS X Internet Reccovery - VM Malware? Ubuntu in EFI ? Win7 im gleichen Netz infiziert
    Alles rund um Mac OSX & Linux - 26.06.2013 (5)
  8. Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (14)
  9. email link Malware Funde Heur.PE@4294967295, Malware@#nwdk01o66rpro, Malware@#2x6qrvr63cjrw
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (10)
  10. OpenCandy [Malware] auf dem Rechner, aber Anti-Malware Programme finden keine Bedrohung.
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (5)
  11. Virus/Malware verhindert Installation/Start jeglicher Anti-Malware/Virusprogramme
    Plagegeister aller Art und deren Bekämpfung - 03.02.2012 (17)
  12. Log-Analyse nach Trojaner/Malware befall (Malware.Trace / Trojan.BHO)
    Log-Analyse und Auswertung - 26.09.2011 (16)
  13. Malware Spyware.passwords.xgen durch Malwarebyte Anti-Malware erkannt.
    Plagegeister aller Art und deren Bekämpfung - 19.12.2010 (50)
  14. Rätselhafter Mailversand - Malware.Packer.Gen, Trojan.Patched und Malware.Trace
    Plagegeister aller Art und deren Bekämpfung - 03.11.2010 (25)
  15. Malware, die Google-Suche betrifft und Malware-Entfernungsprogramme blockiert
    Plagegeister aller Art und deren Bekämpfung - 03.10.2010 (2)
  16. Kann Malware nicht löschen! Trojan.Agent und Malware.Trace
    Plagegeister aller Art und deren Bekämpfung - 18.06.2010 (19)
  17. werde Malware nicht los z.B. HEUR/HTML.Malware [heuristic
    Log-Analyse und Auswertung - 31.03.2010 (10)

Zum Thema ibvuy.exe und eweb.exe Malware? - Seit einiger Zeit reagiert mein PC langsamer und er brauch auch länger beim Starten. Dann hab ich in der Systemkonfiguration gesehehn das diese beiden Dateien gestartet werden. hxxp://s7.directupload.net/file/d/3206/dddvkzse_png.htm Ich habe - ibvuy.exe und eweb.exe Malware?...
Archiv
Du betrachtest: ibvuy.exe und eweb.exe Malware? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.