
Pests of all kinds and how to combat them: Win7 infected with GVU Trojan 2.07


 
20.07.2012, 05:50   #1
UdoAssus

Win7 infected with GVU Trojan 2.07



Good day.

A few hours ago this screen suddenly appeared: https://www.bsi-fuer-buerger.de/SharedDocs/Bilder/DE/BSIFB/Schadprogramme/GVU-BSI-Trojaner-Webcam.jpg?__blob=poster&v=3

If I am not mistaken, this is the GVU Trojan version 2.07.
By pressing the on/off button of my PC (certainly not the most elegant solution) and then cancelling the shutdown, I was able to close the window and use the PC fully again. I have not shut it down since, because other users report complications when booting as a result of the virus. In any case, I then read through similar threads and, as a result, have already run a scan with Malwarebytes Anti-Malware, with this result:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.19.15

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
***  :: ***-PC [Administrator]

20.07.2012 02:24:35
mbam-log-2012-07-20 (02-24-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 602905
Laufzeit: 2 Stunde(n), 30 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Local\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
         
I had both files deleted and then ran a scan with Oldtimer. Result:
Code:
OTL logfile created on: 20.07.2012 05:10:57 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Yannik\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 44,89% Memory free
6,50 Gb Paging File | 4,19 Gb Available in Paging File | 64,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 37,05 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive F: | 455,99 Gb Total Space | 155,22 Gb Free Space | 34,04% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Mumble\murmur.exe (Thorvald Natvig)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Wippien\Wippien.exe ()
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Programme\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Programme\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Programme\Wippien\Wippien.exe ()
MOD - C:\Programme\Mumble\mumble_ol.dll ()
MOD - C:\Programme\Mumble\libprotobuf.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qtiff4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qsvg4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qmng4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qico4.dll ()
MOD - C:\Programme\Mumble\QtPlugins\imageformats\qgif4.dll ()
MOD - C:\Programme\Mumble\QtGui4.dll ()
MOD - C:\Programme\Mumble\QtNetwork4.dll ()
MOD - C:\Programme\Mumble\QtSvg4.dll ()
MOD - C:\Programme\Mumble\QtSql4.dll ()
MOD - C:\Programme\Mumble\QtXml4.dll ()
MOD - C:\Programme\Mumble\QtCore4.dll ()
MOD - C:\Programme\Mumble\libmysql.dll ()
MOD - C:\Programme\Mumble\bzip2.dll ()
MOD - C:\Programme\Mumble\zlib1.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Wippien\Emoticon.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gupdatem) Google Update-Dienst (gupdatem) -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found
SRV - (gupdate) Google Update-Dienst (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ononxabo) -- C:\Windows\System32\drivers\lmtguo.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (wod0205) -- C:\Windows\System32\drivers\wod0205.sys (WeOnlyDo Software)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Spyder2) -- C:\Windows\System32\drivers\Spyder2.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 58 71 D6 06 66 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 11:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 14:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.09 23:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.01.30 17:11:36 | 000,000,000 | ---D | M]
 
[2011.08.19 21:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.08.19 21:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Yannik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yannik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9672DFD6-FCB2-45E2-926A-0AEAE31E9D0A}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF5641D-53E8-47DC-BA5B-D83B0EBF0C36}: NameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.20 05:07:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.20 02:24:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.20 02:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.20 02:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.20 02:23:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.20 02:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.20 02:22:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.20 01:57:41 | 000,000,000 | ---D | C] -- C:\Users\***Desktop\Trojanerverdacht
[2012.07.19 00:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.07.19 00:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.07.19 00:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2012.07.17 11:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.16 21:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.07.12 14:56:20 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mfc42loc.dll
[2012.07.12 14:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Fox
[2012.07.12 14:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2012.07.12 00:57:14 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 21:59:19 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 21:59:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 21:59:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.10 20:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.07.10 19:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012.07.10 19:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.07.10 19:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.07.10 19:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.07.10 19:11:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\atitray
[2012.07.10 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ray Adams
[2012.07.10 17:27:36 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012.07.10 15:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2012.06.28 16:57:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Anno 1701
[2012.06.28 16:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701
[2012.06.28 16:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Anno 1701
[2012.06.23 01:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.06.22 16:38:58 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.22 16:38:58 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.22 16:38:46 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.22 16:38:46 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.22 16:38:46 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.22 16:38:33 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.22 16:38:33 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 05:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 05:07:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.20 05:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 04:56:04 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\lmtguo.sys
[2012.07.20 03:04:55 | 000,460,800 | ---- | M] () -- C:\Users\Yannik\murmur.sqlite
[2012.07.20 02:23:45 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 02:22:54 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.20 01:50:36 | 101,771,502 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.20 01:34:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 01:34:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.20 01:33:05 | 000,027,520 | ---- | M] () -- C:\Users\***\AppData\Local\dt.dat
[2012.07.19 22:00:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.19 16:53:59 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 16:53:59 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 14:44:44 | 000,001,872 | ---- | M] () -- C:\Users\Yannik\Desktop\Crysis2.lnk
[2012.07.19 13:20:07 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.18 23:37:40 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.18 23:37:40 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.18 23:37:40 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.18 23:37:40 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 18:16:36 | 000,360,258 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.16 21:30:41 | 000,004,158 | ---- | M] () -- C:\Users\Yannik\AppData\Roaming\wklnhst.dat
[2012.07.12 19:15:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 19:15:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 14:59:15 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\No One Lives Forever 2 .lnk
[2012.07.12 12:26:10 | 000,365,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.10 17:31:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Spyder2_01001.Wdf
[2012.07.10 16:28:29 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2012.07.09 22:08:19 | 000,008,421 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.07.06 12:24:05 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.28 17:04:25 | 000,083,872 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.06.28 17:04:25 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.06.23 13:08:08 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\MechWarrior Vengeance.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.20 04:56:04 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lmtguo.sys
[2012.07.20 02:23:45 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 01:33:05 | 000,027,520 | ---- | C] () -- C:\Users\***\AppData\Local\dt.dat
[2012.07.20 01:32:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012.07.19 14:44:44 | 000,001,872 | ---- | C] () -- C:\Users\***\Desktop\Crysis2.lnk
[2012.07.16 21:42:11 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.07.16 21:42:11 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.07.16 21:42:11 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.07.12 14:59:15 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\No One Lives Forever 2 .lnk
[2012.07.10 17:31:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Spyder2_01001.Wdf
[2012.07.09 22:08:19 | 000,008,421 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.07.02 14:48:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.28 16:41:35 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.06.28 16:41:02 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.06.23 13:08:08 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\MechWarrior Vengeance.lnk
[2012.06.11 18:41:48 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.06.11 18:41:48 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.04.06 23:55:25 | 000,055,026 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.22 22:24:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.08.22 22:20:41 | 000,038,251 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.08.20 12:15:55 | 000,460,800 | ---- | C] () -- C:\Users\***\murmur.sqlite
[2011.08.17 19:04:56 | 000,004,158 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2011.08.16 19:44:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.14 14:36:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.02.15 18:56:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.06.23 15:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2012.01.30 17:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2011.08.22 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.08.17 14:33:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2011.12.24 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.12.23 21:42:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.09 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.11.29 19:23:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Language
[2012.02.25 00:22:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2011.11.29 22:55:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lionhead Studios
[2012.04.21 13:13:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mount&Blade
[2011.09.01 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.07.20 03:04:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mumble
[2011.08.14 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.03.08 22:38:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2011.10.08 22:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.08.14 21:41:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.11.29 19:23:16 | 000,000,000 | ---D | M] -- C:\Users\Yannik\AppData\Roaming\Wippien
[2012.05.15 19:33:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
and no. 2:
Code:
OTL Extras logfile created on: 20.07.2012 05:10:57 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 44,89% Memory free
6,50 Gb Paging File | 4,19 Gb Available in Paging File | 64,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 37,05 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive F: | 455,99 Gb Total Space | 155,22 Gb Free Space | 34,04% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EFDFCE-4126-4D54-8CDC-E0A024CCF834}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{06588F67-DDAA-41E5-BD49-D0A22382302B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{06C40A16-8B5F-4974-80B8-BFB154E73CD1}" = lport=25565 | protocol=17 | dir=in | name=minecraft-server | 
"{08BC5D9E-BC02-41C1-B9BB-2FA987CA7789}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0B6449AF-00A6-49AD-96A7-B704CFDB3D6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15D72D08-0118-466B-8882-B321315FF167}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{16092EE6-7FBF-466B-A544-668884F832C5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1D3C475C-FBBB-49A3-BDCC-AE1197ACD573}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2D74C054-95F9-4D72-9733-3C197438FD92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49C74D9D-A812-4FC6-A03A-20B0E384AFEE}" = rport=25565 | protocol=6 | dir=out | name=minecraft-server | 
"{5D79BE25-A221-4602-8896-489BC659FDB3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{603983BF-791A-4FE2-82B8-6032E10D21EF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{62F2EB9C-E2AF-495D-86C6-ABE16851B3A9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{65FF989D-817E-45DE-B4D1-9928F106D4BC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7ACF4472-4831-491D-B846-701B21A8E7E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E6746FF-4D44-46BE-91D5-C29512ECD563}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8474C6ED-A193-4012-868D-B27EC90417BF}" = rport=25565 | protocol=17 | dir=out | name=minecraft-server | 
"{8637D394-0798-44FB-9F76-F0E1B330F574}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{89A3887A-4EC1-4475-8D5B-E08414E95106}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8C60A011-CA58-462F-8D82-8E50B1ED118B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9250758B-11CE-4394-82B3-CDE9CE4C7AD0}" = lport=5222 | protocol=6 | dir=in | name=wippien selbst | 
"{9405193F-C95C-4061-9063-F93B813ABFCD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A2674C04-4F3C-4D6F-A302-AF289495A62D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A5F37681-A4A8-403B-B9C6-93DD2A34CE61}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A706C34E-0A78-4AF5-A520-B7E6B0F6D6DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE616FBD-2F11-4EAF-901E-E91301425753}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B74FEE57-71E1-4748-B2D2-A80A68E10879}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC0E89EC-265D-445B-B507-55F5E53D23F1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D7EBFCB7-63BF-4B8A-B4EB-517212118EA4}" = rport=5222 | protocol=6 | dir=out | name=wippien selbst | 
"{DA9E3BC0-39F6-4E0D-B986-E92FA774E7AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E162AC7D-721E-48EF-8FD7-6E607DD7735D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E240A71D-83CE-43CD-AE11-1544A08FFC07}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E8029BD7-0F41-48D2-9DC8-19072378A945}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0FD6DF8-1D58-4600-8FE5-674ADB31C5E4}" = lport=25565 | protocol=6 | dir=in | name=minecraft-server | 
"{F70AFF1E-EC40-47DA-8961-8D2FCFF07D12}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F931B772-5974-4A5F-8802-CB44FA82CDF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FBCD0F08-2E89-474C-8D5F-377629D7E5FB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001B9E27-4D2D-4B19-8657-9ADEC31E36F1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{002E02CA-631F-4368-941F-EAE343BC772C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{020A575E-289E-470F-BDC9-22C0849E8A96}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{02EF9E50-8019-41D4-834C-AC6583C53725}" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"{063587AA-2EDA-4E0A-85A0-C42B4CD8C035}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | 
"{0F527516-E59D-418C-8382-67AD2DFEC37E}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{0FD0F9D8-6230-4635-8BD9-276BE8EE52F5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\toy soldiers\game.exe | 
"{131AEC10-BBFC-4BCF-B191-5B3A31DAC01E}" = protocol=6 | dir=in | app=c:\program files\mumble\murmur.exe | 
"{1505488D-D6F7-435C-B061-74021E7E9C35}" = protocol=6 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe | 
"{1AC164C8-B660-4DB4-A305-648CC0F31875}" = protocol=17 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe | 
"{227598BF-3541-4084-8548-097210184D78}" = protocol=6 | dir=out | app=system | 
"{23478101-C22B-490C-A52F-2C8C477C11E4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{271FDB4B-181E-4BC7-92F9-3995C5B04374}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite\sniperelite.exe | 
"{2E657FBE-0684-410F-86D0-71507CF1DE3D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{3088F938-106D-49DC-92CB-F47CCB7B050E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe | 
"{3209C544-5C58-40DD-8A99-63580255C83B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{32C520F2-CF58-475D-9000-EF6A6C3E4A6F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{386F6BF3-92A5-41D1-A24F-DB029261E107}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3E18FEDC-7AF7-4252-9C41-8756988B6852}" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | 
"{3EAA163D-7530-41D6-BD03-497D018840A0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{49C0E022-E1DA-4EFB-B53C-29372AEB77AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BC6B86D-42C9-4C79-813C-974C8DF3207B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\config.exe | 
"{4EE82E30-F4EC-4DA4-BB8E-214404388985}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | 
"{5418A2BD-A771-4187-A5D6-5E96CFAFFB1C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\toy soldiers\game.exe | 
"{55237E8C-AB70-445A-AB46-E0585B0A4ADD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55ABBA22-F042-4095-90EB-E0C1F06814E4}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{60DBE17F-27DD-489C-A22C-2DDC92FB2D71}" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | 
"{6158C992-5484-46FC-B1A2-71130070773A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe | 
"{6186AEAC-482E-4AA9-AA19-5A0906368DE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{63CD194D-7FCC-490F-8D96-C85B4B7837C9}" = protocol=6 | dir=in | app=c:\program files\wippien\wippien.exe | 
"{662A75A4-43A3-4DFA-83E4-908AE18D675C}" = dir=out | app=%programfiles%\wippien\wippien.exe | 
"{67EB0788-C96C-49D9-8962-FC75363503E5}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{6CAC3767-AF30-4CE9-9B8F-BF56DCB7090C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{6EBD1456-0B1B-4E23-86BC-3AB769025C2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F767085-0520-4E6E-A478-3177020A5329}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{70D17436-5FAA-4CFB-A3B0-881A563DA85B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{71985D10-D06A-42E5-BE77-BEBC52FED508}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | 
"{757D01B2-1BF2-4C06-9022-FC0A6F1D2FB7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{769466F2-A163-44DD-A344-77800B20A777}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{77EC8367-F443-4C27-80B7-2D229965D905}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord ii\overlord2.exe | 
"{78829DA7-A505-4912-B0CF-D2C6F0A47575}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{80592F22-7B5C-42E3-B460-D94D755FDE63}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{80D43123-CE81-4391-AFE1-8B162C2F183D}" = protocol=17 | dir=in | app=c:\program files\wippien\wippien.exe | 
"{8820348A-F9CF-4799-83D2-F924415B1A00}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{8A459F79-2E7F-42EC-975A-4DE8743142C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{8E48D6CF-1D3E-450B-A7F6-BE6FA3FB8993}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{915486CB-7140-4B87-88BF-A5B31F00EE65}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{91F7F5A3-14DF-47FE-9351-504BB45E6924}" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"{92DE8AEE-6596-495E-B5FE-FA3B8C30E615}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{96FF075F-48F4-4D9E-991D-9FB5325592D3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{9C0863AE-8E40-4A4E-838B-DDE3FE78F6A2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{A07794D5-7FBE-4612-BF7D-0ABCBAEEC072}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A307150D-483D-4282-B360-9AA708C9D0F8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | 
"{A6317F27-12C2-4034-ACA0-30ED5E0DE290}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | 
"{A74D93B8-E787-442E-BF4E-9FADB47E185B}" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo 2\halo2.exe | 
"{A836BCCC-F000-4CF2-98C2-9CC7FF3DAB75}" = protocol=58 | dir=in | app=system | 
"{AADE2F97-CCD9-4A74-90ED-972C772C44B5}" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"{AB145289-BCA2-4C4F-85A8-C09B92229F35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ACD754A1-F24D-4AD0-8BEB-CB6496C70811}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B0BB929F-3AD0-44D6-AB4C-8CAE6B72CC3B}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{B0FC9A48-8F4E-43F5-82ED-0732637B37BC}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{B4FBA645-B519-4560-A6CF-E8FEA9B2BF71}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{B5082D14-0FAF-470F-B882-C4E2AECC9CFA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{B586263D-2A69-4726-8C27-91ACE49C74FC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{B6422B6C-605C-4B8F-9921-FC3905E13DE7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{B6965B70-334A-4EAD-AF36-721A09A99044}" = protocol=17 | dir=in | app=c:\program files\wippien\wippien.exe | 
"{B78049D2-985E-4CC8-8CDD-9530A8AFB166}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BC1EBB1F-E292-4323-8D94-F266A0231A13}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | 
"{C1AA6DE7-ACDD-46A4-862C-B643D689D550}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2A7AAF5-8622-4BA3-85FA-58E6B7361054}" = protocol=17 | dir=in | app=c:\program files\mumble\murmur.exe | 
"{C2C1DAEE-699D-412E-8AD3-A2399AB8EC7C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{C35E8875-6F28-4514-A4D1-20C065FDEFB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CBA58CFC-2811-4CC8-9FFD-9E4218DF08F6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{CDF9917B-BE40-4982-8E0E-5BCFCC24D70E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAED0437-BA4B-4995-82BE-6DAB75F640F7}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{DCC4F26A-9FD1-4867-B9AD-CE0D97269A50}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E4663123-B20F-4A3D-8BAF-620DC3A02D7D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EAEC6904-A966-43FB-B0B2-7CF10915D140}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{EC9C3F41-B38F-42E1-B69B-573D5927B502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ECB8D84F-28E8-47A2-8EBD-2C58830BC1DA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{ED3EE91E-F43D-476C-8422-E41CFBFB962C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{ED79E357-3BE4-46C9-AC76-04B64EE430C9}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{EF64C3A3-B007-4985-963E-270D2ED8F730}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sniper elite\sniperelite.exe | 
"{F12BA258-C482-4C2A-9B00-76A14A188426}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{F206ECD5-7916-44BB-9359-AFDA3FEC489E}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | 
"{F2ADC6FB-7E41-4104-9F00-AA12B9CA8D9F}" = protocol=6 | dir=in | app=c:\program files\wippien\wippien.exe | 
"{F357CAA6-7D05-46ED-A874-D699EFD8BDD8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{F3D50767-5668-4CA8-83C1-4C550D95F2B4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F57AC9F4-BC83-4E01-944D-648BA6573B25}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fablelauncher.exe | 
"{F77AA1E4-6619-475C-8F3B-568FE78FA0FB}" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"TCP Query User{13C55265-EB02-495D-9024-2940D35166B0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{13D545FA-5B15-4DAA-A896-F95582006E2C}C:\program files\rtw - multicampaign\cbclient.exe" = protocol=6 | dir=in | app=c:\program files\rtw - multicampaign\cbclient.exe | 
"TCP Query User{1CED553D-57E1-4DB4-ACBB-6FC0959C1F51}C:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe" = protocol=6 | dir=in | app=c:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe | 
"TCP Query User{1EAB7AF3-EAAC-4200-A375-9FAB78BF82BA}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{23CB68BD-4B97-49AF-B0F3-6FAFACD7B4DE}C:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"TCP Query User{253224D6-3A78-477D-88E0-42984CDD5AC2}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{2C86AA98-F95B-46C6-860A-FE29A6F775C8}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe | 
"TCP Query User{339BDCD9-6D68-4B85-A34F-85DDBE188EAD}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe | 
"TCP Query User{4F0D0283-FF2C-45DA-805C-BA8AE5F2D013}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | 
"TCP Query User{5B2498E3-1EC2-4553-9585-B44FF2281716}C:\program files\rtw - multicampaign\cbserv.exe" = protocol=6 | dir=in | app=c:\program files\rtw - multicampaign\cbserv.exe | 
"TCP Query User{5F84E32E-2918-460D-882A-5DDB80E25278}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=6 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe | 
"TCP Query User{657C2EB9-0546-42F3-B8A4-B1FEFDC4BF7F}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{73F1A104-BB6F-4701-BC9B-FEFE34D4E08E}C:\program files\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fable3.exe | 
"TCP Query User{77E41B7F-A857-49EA-B229-9C9856EAE016}C:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{B69B147A-F60E-43F3-8EF3-199AB188865D}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe | 
"TCP Query User{BB8DB480-4019-4880-9406-55DCBF31B2D9}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"TCP Query User{C91BE81E-B242-4100-86A8-E75FE610CCF6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{E0A03DE5-D22B-4DE4-BBF7-EE57C17A64A0}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"TCP Query User{E80F3F3C-2D89-43F4-A9BB-DD79CA70E973}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{F3A9F56D-A95D-42A6-B8BE-8F374F9A77EA}C:\program files\mumble\murmur.exe" = protocol=6 | dir=in | app=c:\program files\mumble\murmur.exe | 
"UDP Query User{0CD65F73-D942-4721-906B-14740B50977C}C:\program files\mumble\murmur.exe" = protocol=17 | dir=in | app=c:\program files\mumble\murmur.exe | 
"UDP Query User{0DF0AF0C-C27E-491C-824C-01171618872B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1943FADF-EB29-42B4-80B9-AEBC0BD3DD89}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{19AC3C83-11A6-4CC0-A3A5-45FB0400408E}C:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\bloodline champions\binary\bloodlinechampions.exe | 
"UDP Query User{33C8677C-F191-4EE1-8E7E-52861A3DD4EE}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{375549FF-E21A-4D70-B6A1-AA8E1B89ABD9}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{44744833-E004-4000-8E13-066AEF974677}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe | 
"UDP Query User{710D025D-8DE7-4C7B-915D-F6A6DC93F127}C:\program files\rtw - multicampaign\cbserv.exe" = protocol=17 | dir=in | app=c:\program files\rtw - multicampaign\cbserv.exe | 
"UDP Query User{759F5B74-C73F-4CDA-A774-66B6CF0B549D}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe | 
"UDP Query User{980A06CC-D831-42A3-B408-FC21BDF200E6}C:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\udoassus\team fortress 2\hl2.exe | 
"UDP Query User{99E80D50-576D-4777-B35B-B7FA9BED590E}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"UDP Query User{9B939DBF-4196-4A79-BC4F-47C416D7DC34}C:\program files\savage 2 - a tortured soul\savage2.exe" = protocol=17 | dir=in | app=c:\program files\savage 2 - a tortured soul\savage2.exe | 
"UDP Query User{BE1920B4-F0F8-4D2A-9120-8E13ACEFC9D2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C45B4504-10AC-4B9F-954C-846758E4F36F}C:\program files\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{CA1D29A4-FD9E-4932-95A9-BF8DC19F6163}C:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe" = protocol=17 | dir=in | app=c:\users\yannik\appdata\local\temp\rar$ex00.589\volley.exe | 
"UDP Query User{CD0E6FD0-9743-4788-9290-35139F18D98D}C:\program files\rtw - multicampaign\cbclient.exe" = protocol=17 | dir=in | app=c:\program files\rtw - multicampaign\cbclient.exe | 
"UDP Query User{D5A4C795-DD13-4B80-A2C4-C24D574AE5FC}C:\program files\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aomx.exe | 
"UDP Query User{EF56D555-942C-4221-BA7C-1302DCBB1453}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"UDP Query User{F3179D5E-8083-4F9C-9A24-09BCC9C43E0A}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{F6C265BE-79B1-43EC-BFBA-781810A6E1E2}C:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04587046-E062-A70D-10C0-108318D5AD2C}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = HALO 2 FÜR WINDOWS VISTA
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{11A247C5-3741-06EA-37BE-F962C5D09DF1}" = HydraVision
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{155FE169-9143-4179-B68E-E7D74CD3F43C}" = ATI AVIVO Codecs
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F41998F-9307-C88C-FA64-A28FFF4B8800}" = ATI Problem Report Wizard
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B7C6F142-1136-EDB0-C1C4-1F28A6639768}" = AMD Drag and Drop Transcoding
"{BA12FD6D-169A-11D7-A6A9-00C026281E5A}" = Twin USB Vibration Gamepad
"{BB21B808-F784-4883-A4D4-B1473384C1C6}" = LibreOffice 3.5
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CDFBE82A-62CF-ACD5-5BDC-A776229D694A}" = AMD Media Foundation Decoders
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE9B60E1-BC90-DADA-0935-02F51FB9228C}" = AMD Catalyst Install Manager
"{D69B5522-2170-962F-58E8-DDEFA6636DA9}" = AMD Accelerated Video Transcoding
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2 
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}" = Angry Birds
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1" = Wippien 2.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"Blue Byte Game Channel" = Blue Byte Game Channel
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"GameSpy Arcade" = GameSpy Arcade
"Halo" = Microsoft Halo
"Halo 2" = HALO 2 FÜR WINDOWS VISTA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MechWarrior Vengeance" = MechWarrior Vengeance
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"Opera 12.00.1467" = Opera 12.00
"Pidgin" = Pidgin
"S4Uninst" = Die Siedler IV
"Steam App 102600" = Orcs Must Die!
"Steam App 105400" = Fable III
"Steam App 12810" = Overlord II
"Steam App 3700" = Sniper Elite
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 73050" = Magicka - Demo
"Steam App 98300" = Toy Soldiers
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 07:57:25 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x560004c2  ID des fehlerhaften Prozesses:
 0x13e4  Startzeit der fehlerhaften Anwendung: 0x01cd60ee9931caf6  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: e8a5be44-cce1-11e1-bc81-001fc652aad5
 
Error - 13.07.2012 07:58:01 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: dwmapi.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5bda07  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000003  ID des fehlerhaften Prozesses:
 0xd8  Startzeit der fehlerhaften Anwendung: 0x01cd60eeb6a28a31  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\dwmapi.dll  Berichtskennung: fe90917c-cce1-11e1-bc81-001fc652aad5
 
Error - 13.07.2012 07:58:30 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x458bff85  ID des fehlerhaften Prozesses:
 0x58c  Startzeit der fehlerhaften Anwendung: 0x01cd60eec6abb1ad  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 0f9ea9aa-cce2-11e1-bc81-001fc652aad5
 
Error - 14.07.2012 07:08:36 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xc25ec68b  ID des fehlerhaften Prozesses:
 0x1650  Startzeit der fehlerhaften Anwendung: 0x01cd61b0ea6229d7  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 41afcfb2-cda4-11e1-8085-001fc652aad5
 
Error - 14.07.2012 07:09:07 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x106cb0d8  ID des fehlerhaften Prozesses:
 0x1680  Startzeit der fehlerhaften Anwendung: 0x01cd61b107e02fb4  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 53b60722-cda4-11e1-8085-001fc652aad5
 
Error - 14.07.2012 07:09:42 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lithtech.exe, Version: 1.0.0.1, Zeitstempel:
 0x21544c46  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x06c7ffff  ID des fehlerhaften Prozesses:
 0xff8  Startzeit der fehlerhaften Anwendung: 0x01cd61b119eb4936  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Fox\No One Lives Forever 2\lithtech.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 68b69dfc-cda4-11e1-8085-001fc652aad5
 
Error - 17.07.2012 12:11:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0,
 Zeitstempel: 0x4bd60ba2  Name des fehlerhaften Moduls: MassEffect2.exe, Version: 
1.2.1604.0, Zeitstempel: 0x4bd60ba2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x007cbceb
ID
 des fehlerhaften Prozesses: 0x9d0  Startzeit der fehlerhaften Anwendung: 0x01cd641e04adae13
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe
Berichtskennung:
 1d0bb0c2-d02a-11e1-b8a9-001fc652aad5
 
Error - 17.07.2012 14:15:13 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0,
 Zeitstempel: 0x4bd60ba2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x172c  Startzeit der fehlerhaften Anwendung: 0x01cd6438850422dc  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 5a008f0b-d03b-11e1-b8a9-001fc652aad5
 
Error - 17.07.2012 15:31:57 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0,
 Zeitstempel: 0x4bd60ba2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x13d4  Startzeit der fehlerhaften Anwendung: 0x01cd64486d7b86e6  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 11feeae1-d046-11e1-b8a9-001fc652aad5
 
Error - 18.07.2012 17:29:23 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MassEffect2.exe, Version: 1.2.1604.0,
 Zeitstempel: 0x4bd60ba2  Name des fehlerhaften Moduls: MassEffect2.exe, Version: 
1.2.1604.0, Zeitstempel: 0x4bd60ba2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00511eb0
ID
 des fehlerhaften Prozesses: 0xb94  Startzeit der fehlerhaften Anwendung: 0x01cd6518db998d57
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Mass Effect 2\Binaries\MassEffect2.exe
Berichtskennung:
 a4589bbe-d11f-11e1-ab36-001fc652aad5
 
[ System Events ]
Error - 13.07.2012 12:22:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 14.07.2012 05:43:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 14.07.2012 16:18:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 15.07.2012 05:44:44 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 16.07.2012 06:39:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 17.07.2012 05:46:57 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 18.07.2012 02:59:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 18.07.2012 14:13:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 19.07.2012 07:22:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 19.07.2012 16:32:07 | Computer Name = ***-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
 
< End of report >
         
(User name replaced with ***)
Thank you in advance for the help; I hope I have done everything correctly so far.

 
