Log analysis and evaluation: ESET log: Win32/OpenCandy application; Win32/Toolbar.Zugo application; variant of Win32/Bundled.Toolbar.Ask application; Win32/Injector.AIBG trojan
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.06.2013, 23:26 | #1 |
Good evening,

I fear that I have caught various trojans and that I am on a spam e-mail list. That is, since yesterday I have been receiving e-mails with dubious attachments.

First I ran a scan with AVG AntiVirus Free. It found various malware and could not remove it. I then deleted the listed files with the program Secure Eraser. Unfortunately I archived the corresponding report and do not know where AVG keeps its archive. Afterwards I ran another scan. There were messages again, but more of the type: "Gesperrte Datei. Nicht getestet". Where do I find the AVG logs so that I can post them here?

Afterwards I tested my system with Malwarebytes Anti-Malware. Here is the log:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.14.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Lars :: LARS-PC [Administrator]

14.06.2013 15:07:35
mbam-log-2013-06-14 (15-07-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 41727
Laufzeit: 6 Minute(n), 11 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.14.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Lars :: LARS-PC [Administrator]

14.06.2013 15:15:36
mbam-log-2013-06-14 (15-15-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 633249
Laufzeit: 3 Stunde(n), 33 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.14.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Lars :: LARS-PC [Administrator]

14.06.2013 20:15:34
mbam-log-2013-06-14 (20-15-34).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf (E:\Lars\Download\löschen\Rechnung vom 14.06.2013 Inkasso Tchibo GmbH.zip|)
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra
Durchsuchte Objekte: 1
Laufzeit: 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f77dbf8e0bcd1149af2399ef8c38f2ac
# engine=14075
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-14 09:28:55
# local_time=2013-06-14 11:28:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1039 16777213 100 80 30209 58379319 0 0
# compatibility_mode=5893 16776574 100 94 42171351 122876526 0 0
# scanned=342157
# found=13
# cleaned=13
# scan_time=10879
sh=7CE3756FD766C5ABF3040C21F5B7ECCE2A426B23 ft=1 fh=abdbfcd593573440 vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll"
sh=441A2DB1E874921AB5A464A19C019F0DD218DCAA ft=1 fh=cae042f77220f344 vn="Win32/Toolbar.Zugo Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S7QM11E\ApnIC[1].0"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SECRHRAN\ApnIC[1].0"
sh=02C6F30D4206AAA4DC9D5B67F9E42902BF0E5F0A ft=1 fh=011e7c44665e1436 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="D:\Games\Neuer Ordner\Wechseldatenträger\avira_free_antivirus_de.exe"
sh=9CFEF53A709DAF04A790B04DE5BC6E05F15B3401 ft=0 fh=0000000000000000 vn="Variante von Win32/Injector.AIBG Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\Lars\Download\löschen\Rechnung vom 14.06.2013 Inkasso Tchibo GmbH.zip"
sh=DB46ADC96CA84B495806A55F77196F154906F500 ft=1 fh=01ef0128d5c02d06 vn="Variante von Win32/SpeedingUpMyPC.B Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Users\Lars\AppData\Local\DownloadAssist\Offers\optimizerpro.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Users\Lars\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VAXRZY7O\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Users\Lars\AppData\Local\Sicherung\Microsoft\Windows\Temporary Internet Files\Content.IE5\VAXRZY7O\ApnIC[1].0"
sh=EEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B ft=1 fh=8f8f2608bfa07014 vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Users\Lars-Admin\AppData\Local\Temp\AskSLib.dll"
sh=C89865B729E1F6027A461E7B48CFA68A54590A2D ft=1 fh=30a236b0a4800cbe vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Users\Lars-Admin\AppData\Local\Temp\RarSFX0\apnic.dll"
sh=085E2EFA6A258EEC88044241035A37DFF3DE3AE9 ft=1 fh=561b7be0126badba vn="Variante von Win32/Bundled.Toolbar.Ask Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Users\Lars-Admin\AppData\Local\Temp\RarSFX0\apntoolbarinstaller.exe"
sh=E3087F423D8D765A7F7792DFBEE98F5161656BA7 ft=1 fh=ec7296c810cf402f vn="Win32/OpenCandy Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Users\Lars-Admin\Downloads\PDFCreator-1_4_3_setup.exe"

Back to the e-mails once more. In total I have received two e-mails with suspicious content. Both have the same text structure and differ only in the variables: alleged merchant, date, amounts. How do I deal with the e-mails within Outlook 2010? Are there tips on how best to set up Outlook?

Please help me get my system clean. Since the beginning of the month I have had an account with online banking, which I would like to use but do not dare to at the moment.

Best regards and thanks in advance.

PS: I have read that suspicious e-mails can be sent to you for checking. However, I do not know how to create the corresponding .eml file.
15.06.2013, 01:49 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ |
15.06.2013, 15:46 | #3 |
Thank you for the friendly welcome. The requested data follows:
JRT log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by Lars on 15.06.2013 at 15:44:10,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "E:\Users\Lars\appdata\local\tempdir"

~~~ FireFox

Successfully deleted: [File] E:\Users\Lars\AppData\Roaming\mozilla\firefox\profiles\tgxgxylr.default\user.js
Successfully deleted: [Folder] E:\Users\Lars\AppData\Roaming\mozilla\firefox\profiles\tgxgxylr.default\conduitcommon
Successfully deleted the following
from E:\Users\Lars\AppData\Roaming\mozilla\firefox\profiles\tgxgxylr.default\prefs.js

Emptied folder: E:\Users\Lars\AppData\Roaming\mozilla\firefox\profiles\tgxgxylr.default\minidumps [394 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.06.2013 at 15:45:51,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.303 - Datei am 15/06/2013 um 15:47:43 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : Lars - LARS-PC # Bootmodus : Normal # Ausgeführt unter : E:\Users\Lars\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search Ordner Gelöscht : C:\Program Files\AVG Secure Search Ordner Gelöscht : C:\Program Files\Covus Freemium Ordner Gelöscht : E:\ProgramData\AVG Secure Search Ordner Gelöscht : E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium Ordner Gelöscht : E:\Users\Lars\AppData\Local\AVG Secure Search Ordner Gelöscht : E:\Users\Lars\AppData\LocalLow\AVG Secure Search Ordner Gelöscht : E:\Users\Lars-Admin\AppData\Local\AVG Secure Search Ordner Gelöscht : E:\Users\Lars-Admin\AppData\LocalLow\AVG Secure Search ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure 
Search.BrowserWndAPI Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gelöscht : HKLM\SOFTWARE\Software Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v21.0 (de) Datei : E:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\tgxgxylr.default\prefs.js Gelöscht : user_pref("CT2653012.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/DE", "\"0\"[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d8[...] Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Lars\\AppData\\Roaming\\Mozilla\\Fi[...] 
Gelöscht : user_pref("avg.install.installDirPath", "E:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Datei : E:\Users\Lars-Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pdo53q56.default\prefs.js

Gelöscht : user_pref("avg.install.installDirPath", "E:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Gelöscht : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B67f969ce-cc4d-466d-8eb7-3798613f6de9%[...]

-\\ Opera v12.15.1748.0

Datei : E:\Users\Lars\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : application/x-winampx-1.0.0.1=6,,C:\Program Files\Mozilla Firefox\plugins\npwachk.dll,Winamp Applica[...]
Gelöscht : application/x-winampx-1.0.0.1=,0

Datei : E:\Users\Lars-Admin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8645 octets] - [15/06/2013 15:47:43]

########## EOF - E:\AdwCleaner[S1].txt - [8705 octets] ##########

Code:
OTL logfile created on: 15.06.2013 16:08:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\Lars\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,85% Memory free
5,99 Gb Paging File | 4,92 Gb Available in Paging File | 82,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,11 Gb Total Space | 9,06 Gb Free Space | 23,76% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 24,67 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive E: | 100,10 Gb Total Space | 35,13 Gb Free Space | 35,10% Space Free | Partition Type: NTFS

Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\Users\Lars\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Programme\Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe ()
PRC - C:\Windows\System32\lxducoms.exe ( )

========== Modules (No Company Name) ==========

MOD - E:\Users\Lars\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - E:\Users\Lars\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programme\Tools\Secure Eraser\SecEraser32.dll ()
MOD - C:\Windows\System32\CmdLineExt03.dll ()
MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxducaps.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxduscw.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxdudrs.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\iptk.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxdudatr.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxducnv4.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxduptp.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vToolbarUpdater15.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SystemStoreService) -- C:\Programme\SoftwareUpdater\SystemStore.exe ()
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avgwd) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (EPSON_PM_RPCV4_05) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE (SEIKO EPSON CORPORATION)
SRV - (CLKMSVC10_783BBB28) -- C:\Program Files\Acer Arcade Deluxe\Arcade Movie\NavFilter\kmsvc.exe (CyberLink)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (lxduCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe ()
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (esihdrv) -- E:\Users\Lars\AppData\Local\Temp\esihdrv.sys File not found
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys File not found
DRV - (aaudstum) -- E:\Users\Lars\AppData\Local\Temp\aaudstum.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - ({6E090BD5-4EF5-4bf0-A968-74049E88E935}) -- C:\Programme\Acer Arcade Deluxe\Arcade Movie\000.fcl (CyberLink Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (RTCore32) -- D:\Programme\MSI Afterburner\RTCore32.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-207272529-1978318306-672765162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-207272529-1978318306-672765162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-207272529-1978318306-672765162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-207272529-1978318306-672765162-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 8A 9D 0E 10 4A CB 01 [binary data]
IE - HKU\S-1-5-21-207272529-1978318306-672765162-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-207272529-1978318306-672765162-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-207272529-1978318306-672765162-1001\..\SearchScopes\{19EA5D7D-D702-4143-94E3-57D77BC7EE14}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-207272529-1978318306-672765162-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-207272529-1978318306-672765162-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: E:\Users\Lars\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.16 23:13:14 | 000,000,000 | ---D | M]

[2013.05.09 13:34:01 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Lars\AppData\Roaming\Mozilla\Extensions
[2013.05.21 10:43:10 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\tgxgxylr.default\extensions
[2013.05.21 10:43:10 | 000,000,000 | ---D | M] (Flagfox) -- E:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\tgxgxylr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.10.24 17:54:02 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- E:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\tgxgxylr.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.01.13 14:14:58 | 000,000,000 | ---D | M] (German Dictionary) -- E:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\tgxgxylr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.05.09 14:39:08 | 000,870,680 | ---- | M] () (No name found) -- E:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\tgxgxylr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010.02.17 01:29:22 | 000,002,329 | ---- | M] () -- E:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\tgxgxylr.default\searchplugins\openthesaurus.xml
[2009.04.05 02:27:55 | 000,001,334 | ---- | M] () -- E:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\tgxgxylr.default\searchplugins\wiktionary-de.xml
[2008.12.25 17:40:56 | 000,002,108 | ---- | M] () -- E:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\tgxgxylr.default\searchplugins\youtube-videosuche.xml
[2013.05.18 15:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.18 15:36:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-207272529-1978318306-672765162-1001\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-207272529-1978318306-672765162-1001\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-207272529-1978318306-672765162-1001..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: E:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = E:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: E:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = D:\Programme\Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: E:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Programme\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-207272529-1978318306-672765162-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF33386-EEE2-4974-B69C-F6EA76DA2B13}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AF33386-EEE2-4974-B69C-F6EA76DA2B13}: NameServer = 141.30.228.39,141.30.228.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96AD70DA-A050-41A4-9B38-7E4754AA3A00}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{13552258-4d45-11e2-80e9-001b38cebdff}\Shell - "" = AutoRun
O33 - MountPoints2\{13552258-4d45-11e2-80e9-001b38cebdff}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\DVR/AutoRun.exe start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.15 15:44:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.15 15:43:37 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.15 14:16:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Users\Lars\Desktop\OTL.exe
[2013.06.15 14:14:27 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- E:\Users\Lars\Desktop\JRT.exe
[2013.06.14 20:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.14 15:06:12 | 000,000,000 | ---D | C] -- E:\Users\Lars\AppData\Local\Programs
[2013.06.13 02:11:45 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.13 02:11:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.13 02:04:51 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.13 02:04:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.13 02:04:51 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.13 02:04:50 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.13 02:04:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.13 02:04:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.13 02:04:50 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.13 02:04:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 18:30:04 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 18:29:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 18:29:46 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 18:29:46 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 18:29:35 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 18:29:35 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.11 13:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.06.11 13:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.06.04 23:07:51 | 000,592,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2013.05.28 20:43:07 | 000,000,000 | ---D | C] -- E:\Users\Lars\AppData\Roaming\CyberLink
[2013.05.20 14:56:20 | 000,000,000 | ---D | C] -- E:\Users\Lars\AppData\Roaming\ICQ-Profile
[2013.05.20 14:55:15 | 000,000,000 | ---D | C] -- E:\Users\Lars\AppData\Local\DownloadAssist
[2013.05.18 16:39:50 | 000,000,000 | ---D | C] -- E:\Users\Lars\AppData\Local\Cisco
[2013.05.18 16:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2013.05.18 16:38:58 | 000,000,000 | ---D | C] -- E:\ProgramData\Cisco
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.15 16:12:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.15 16:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 16:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 16:04:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.15 16:04:39 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.06.15 16:03:51 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.06.15 16:03:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.15 16:03:45 | 2414,395,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.15 15:48:26 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.15 14:16:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\Lars\Desktop\OTL.exe
[2013.06.15 14:15:33 | 000,648,201 | ---- | M] () -- E:\Users\Lars\Desktop\adwcleaner.exe
[2013.06.15 14:14:31 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- E:\Users\Lars\Desktop\JRT.exe
[2013.06.14 15:06:35 | 000,000,949 | ---- | M] () -- E:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.14 00:35:20 | 000,004,442 | ---- | M] () -- E:\Lars\Dokumente\scan 2013.06.13.csv
[2013.06.13 13:04:00 | 000,664,148 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.13 13:04:00 | 000,625,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.13 13:04:00 | 000,133,720 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.13 13:04:00 | 000,109,936 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.12 19:12:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 19:12:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.11 12:12:34 | 000,000,861 | ---- | M] () -- E:\Users\Public\Desktop\AVG 2013.lnk
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.30 12:15:05 | 000,072,719 | ---- | M] () -- E:\Users\Lars\Desktop\48fa7e25be97ecf3c3104bc307118526_normal.png
[2013.05.29 22:37:23 | 000,001,047 | ---- | M] () -- E:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.29 22:36:35 | 000,001,013 | ---- | M] () -- E:\Users\Lars\Desktop\Dropbox.lnk
[2013.05.28 20:12:08 | 000,002,622 | ---- | M] () -- E:\Lars\Dokumente\Schlüssel.pfx
[2013.05.20 21:38:05 | 000,000,913 | ---- | M] () -- E:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.05.20 19:54:00 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013.05.17 03:26:04 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.17 03:25:33 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.17 03:25:27 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.17 03:25:27 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.17 03:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.17 03:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.17 03:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[11 E:\ProgramData\*.tmp files -> E:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.15 15:48:12 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.15 14:15:33 | 000,648,201 | ---- | C] () -- E:\Users\Lars\Desktop\adwcleaner.exe
[2013.06.14 00:35:20 | 000,004,442 | ---- | C] () -- E:\Lars\Dokumente\scan 2013.06.13.csv
[2013.06.03 21:10:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013.05.30 12:15:04 | 000,072,719 | ---- | C] () -- E:\Users\Lars\Desktop\48fa7e25be97ecf3c3104bc307118526_normal.png
[2013.05.28 20:11:57 | 000,002,622 | ---- | C] () -- E:\Lars\Dokumente\Schlüssel.pfx
[2013.05.06 20:14:56 | 000,001,564 | ---- | C] () -- C:\Windows\wininit.ini
[2013.05.06 20:10:13 | 000,000,341 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.04.24 23:56:26 | 000,000,824 | ---- | C] () -- E:\Users\Lars\AppData\Local\recently-used.xbel
[2013.03.18 20:14:51 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2013.03.18 20:14:46 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.10.22 19:15:35 | 000,000,054 | ---- | C] () -- E:\Users\Lars\pc-client.properties
[2012.10.04 02:22:08 | 000,007,901 | ---- | C] () -- E:\Users\Lars\AppData\Roaming\.freeciv-client-rc-2.3
[2012.07.09 14:15:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2012.05.02 18:22:39 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2012.05.02 18:22:39 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2012.03.31 19:23:45 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2012.03.31 19:23:14 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2012.03.31 19:23:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2012.03.31 19:23:12 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2012.03.31 19:23:12 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2012.03.31 19:23:11 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2012.03.31 19:23:11 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2012.03.31 19:23:10 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2012.03.31 19:23:10 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2012.03.31 19:23:10 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2012.03.31 19:23:10 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2012.03.31 19:23:09 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2012.03.31 19:23:09 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2012.03.31 19:23:08 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2012.03.31 19:21:41 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2012.03.31 19:21:41 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2012.03.31 19:21:41 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2012.03.16 00:48:52 | 000,000,158 | ---- | C] () -- C:\Windows\ricdb.ini
[2012.01.22 03:29:28 | 000,233,472 | R--- | C] () -- E:\Users\Lars\AppData\Roaming\MafiaSetup.exe
[2012.01.22 03:29:28 | 000,000,344 | ---- | C] () -- E:\Users\Lars\AppData\Roaming\psppirerc
[2012.01.22 03:16:35 | 000,122,880 | ---- | C] () -- E:\Users\Lars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.22 03:16:35 | 000,007,627 | ---- | C] () -- E:\Users\Lars\AppData\Local\Resmon.ResmonCfg
[2012.01.22 03:16:32 | 000,022,662 | ---- | C] () -- E:\Users\Lars\Expert2.lst
[2012.01.22 03:16:32 | 000,004,836 | ---- | C] () -- E:\Users\Lars\Expert2.dic
[2012.01.22 03:16:32 | 000,000,435 | ---- | C] () -- E:\Users\Lars\pspp.jnl
[2012.01.22 03:16:32 | 000,000,205 | ---- | C] () -- E:\Users\Lars\autosave_Lars.CP4
[2012.01.22 03:16:32 | 000,000,100 | ---- | C] () -- E:\Users\Lars\Expert2.prf
[2012.01.22 03:16:32 | 000,000,084 | ---- | C] () -- E:\Users\Lars\Lars_CPlan.Einstellungen
[2011.12.28 17:17:01 | 000,001,222 | ---- | C] () -- C:\Windows\eReg.dat
[2011.12.19 12:16:03 | 000,303,104 | ---- | C] () -- C:\Windows\Uninstall_tkexe.exe
[2011.10.22 16:35:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" =
%systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 15.06.2013 16:08:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\Lars\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,85% Memory free
5,99 Gb Paging File | 4,92 Gb Available in Paging File | 82,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,11 Gb Total Space | 9,06 Gb Free Space | 23,76% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 24,67 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive E: | 100,10 Gb Total Space | 35,13 Gb Free Space | 35,10% Space Free | Partition Type: NTFS

Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-207272529-1978318306-672765162-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Programme\Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09A2F85B-2A58-4373-9530-1E3D60AD5CB0}" = rport=139 | protocol=6 | dir=out | app=system | "{0BF5DA1D-B91E-436B-8AF8-20F2128F15F0}" = rport=445 | protocol=6 | dir=out | app=system | "{0FA5E9EF-0F97-41E1-B3AF-5FEB4196957B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{258E049D-0498-4176-A3E5-917B489BBDC3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2A3D2CDE-1203-4420-B915-0BBA479C05E9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3D73075B-F426-4C2A-903D-54ABFCC3025B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{41C3913E-7E49-4251-ADC4-600DB657198F}" = rport=5355 | 
protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4296FB95-3EA7-4AD6-8C5F-1C01BF0FDA60}" = lport=445 | protocol=6 | dir=in | app=system | "{465CBB65-C546-44EF-BB55-8FD1EB3CC316}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4D8AA8DE-AEBE-4629-B08E-F7589522ACF9}" = lport=138 | protocol=17 | dir=in | app=system | "{4EAE50A2-BEC5-44F9-BD1A-F6C0A809D150}" = lport=137 | protocol=17 | dir=in | app=system | "{564F8EE0-4261-4712-AC5D-DD4B8E484750}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{578B9C41-C41D-4003-83B4-DA0B65CC4400}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{738828E0-9A57-4DC2-86B4-E92C3F78ADBB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{77F159CA-DB19-4DFA-9DEE-D7409819597E}" = rport=10243 | protocol=6 | dir=out | app=system | "{7A18D44E-45B2-4C7B-87DC-7A3EC5A89925}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{867888A9-010E-418E-9BC3-A372A6FA24DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8FA57F23-B0BB-47CE-8B71-7D1D8279F196}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{9447F7E2-16D1-4B0C-B9A2-7169F0D2916E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9A14F1DD-7B94-4EFB-96EE-C546A6C00CBB}" = lport=139 | protocol=6 | dir=in | app=system | "{9ADAE405-F91D-467F-9336-9931748BA8D8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe | "{A04CA820-5B90-48DD-AEAA-1AA3928970C7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A47C1482-26F7-4E6A-9DCC-A274DD6D1363}" = lport=990 | protocol=6 | dir=in | 
svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A9C6821E-BE92-453B-BD25-A1585DB21CB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A9FFF31B-E858-4DA5-ABB3-AFB4762834C6}" = rport=137 | protocol=17 | dir=out | app=system | "{AAE3FF24-0D06-4E18-878F-9F0718B95E4B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{C8B35F0C-3590-469D-9916-9724F1E9A677}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{CA548CBC-5E28-47CD-9E68-9861CA6EE2BF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CE1D325C-889C-4B34-ABB7-3964CFAA35F4}" = rport=138 | protocol=17 | dir=out | app=system | "{D118E506-0ECA-46A4-B2DD-2B01E0A88172}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D867224E-7A85-4D93-B326-22FE88AF227F}" = lport=10243 | protocol=6 | dir=in | app=system | "{DC111A8F-EA2C-4CE9-9AB6-AB4477BFE1FF}" = lport=6004 | protocol=17 | dir=in | app=d:\programme\office\office14\outlook.exe | "{DDC1A5E4-E9B9-4F57-AA93-617D8EC147A5}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{DF9754DA-ECEB-410D-95F8-C6B702AFD99D}" = lport=2869 | protocol=6 | dir=in | app=system | "{F0279360-1C3A-4804-95B0-0B6803E6632A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F30D813F-BFA3-466B-AFB8-BF2E37AC34C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{FF2868C7-DB48-496C-B895-995E62741874}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017E08A5-25F8-4CB5-B44B-D249455F34CD}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\swords and 
soldiers\swords and soldiers launcher.exe | "{01B898D3-0DC4-460D-AF1D-BAB7120808CC}" = protocol=6 | dir=out | app=system | "{04642BB5-7B75-415F-B570-86631A35FAF3}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dirt showdown\showdown.exe | "{06CFDEE2-C72F-4141-9B99-F22DD3E91593}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "{08871514-1059-43BD-914E-76DCEA85D2D5}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\hearts of iron 2 demo\hoi2-demo.exe | "{094A3B41-2665-4746-B4ED-579E313B1674}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe | "{1182F356-2268-43B3-A115-51E387DCCB0E}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{15B28022-D9F7-42F2-9ED9-6C0EBA8F9281}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe | "{18F53CBB-6A22-4A4C-A1B7-ABFC0098E1FF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1986B5FF-3E21-4DDC-B219-61F894B40DE5}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{1ECFA0DB-F2A8-4B71-8E5A-057539671EB9}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | "{23F6711C-3486-4C3E-8E9C-49968030C902}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{27C4E286-3A26-443B-A676-A372E75703EA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2AA4EF04-34F2-4C88-BCD5-2A0A4EA45CC7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{2C07F3F7-4A60-4B08-9677-E854C4E41759}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe | "{34D4B4AE-CCB3-494E-B1F6-EF5588BB48D5}" = protocol=6 | dir=in | app=e:\users\lars\appdata\roaming\icqm\icq.exe | "{3C4A9FBA-44E6-46EB-BD90-FD146B30C4C7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{3D2BAF05-AA89-4D81-9833-E76B936D062B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe | "{3DC41BC0-BB47-4B43-9A23-EA2BECAABDFE}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{3DF0B068-A15C-48D6-A430-DD0E01B6AFDB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3F8F23C1-D415-490A-9843-4256D2C39A3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{417BB1A1-E5A8-418C-9A39-3151EA7B4B92}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{422DA043-62D9-43C3-95E4-6E6108D8A472}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\pcmservice.exe | "{42338E8C-CDE1-4E2E-A029-319592D2A8C6}" = dir=in | app=c:\windows\system32\lxducoms.exe | "{43C9B8F0-A2EE-40A2-8021-1462F447EFA4}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\cities in motion\cities in motion.exe | "{4424F836-3EE0-48DE-B536-E2FB8DEADC43}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{45BA2588-A8CD-401C-AD02-FC4910D76FED}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{48B54F7B-3600-449C-9CFB-D3FE4A3B62A1}" = dir=in | app=c:\windows\system32\lxducoms.exe | "{491AEEA2-BA60-46E1-AC74-BFF1824E778F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4B30F624-19B2-4F7E-AA20-DA15327CDBD1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4B628258-BC24-4696-B69D-A99458BF42E1}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | "{4E28D7B1-8F10-47CA-8C95-54D67F904D16}" = protocol=17 | dir=in | app=d:\programme\office\office14\onenote.exe | "{4E51B4E2-5E59-4D0C-AF39-39E7D2FC8D28}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe | "{5651B171-2A06-4543-8A01-D3847E7A9CE8}" = protocol=1 | dir=in | 
name=@firewallapi.dll,-28543 | "{579714E4-C613-49AF-A80C-FA896F25073E}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdutime.exe | "{57E8EA84-9C9C-43D8-9863-6DFB4C3B5727}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{593A3BDF-2953-4972-994D-33331A35B727}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | "{598DDF06-A702-4F4E-90E8-CF9FC955910C}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\powercinema.exe | "{63A0AD45-327C-442A-B02B-F3DFC494507E}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{63D65068-8A6C-4CDF-A6DB-56FC524CA417}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe | "{6480238F-87E0-421B-A96E-A9A2F4681992}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{67E28677-DAC4-4AAE-AC9F-E77EF7D814C9}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{6962139B-F4D4-44CB-A1BC-103BB5E21BCF}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\zombie driver\release\zombiedriver.exe | "{6BE27F54-B606-4FF6-B32F-6E0E206520A1}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | "{6D93C572-90AA-45CF-B212-9A5AE551EED9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6D95BBC5-4713-4154-87C7-5231129906D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7092017C-EB66-4237-868B-BE26F7E2FF1D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{716E44AE-DAA6-46C1-96E8-3B8A21F041A5}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{758D6D27-AEBC-4350-B918-F6A7767441B5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{768B7C71-7444-4F21-A773-0A834CE8DDF3}" = dir=in | app=c:\program files\acer arcade deluxe\arcade movie\touchmovieservice.exe | "{7832BDFF-3863-4F81-95AB-A087B29D0B2C}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe | 
"{7B20E114-B0C5-455F-8EE9-2BC9F892B273}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{7BB6EFCF-3A40-4F46-B5B9-304098822815}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{7DAA7807-4C47-4A7A-B7E7-1D5E9D35273D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7E05DBAA-654D-4E46-95D7-BE4B1E7B9A3F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\swordsandsoldiershd\swords and soldiers launcher.exe | "{82003AC1-8883-4AEA-A68C-4900C8F53E44}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe | "{8430F76C-8182-46D9-9060-75A161FF3B8F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{86DA3707-2895-4709-A8F7-215665E042C0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8982B25A-29F7-4D04-A279-AB9915EF73D0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{89D364CB-C645-4FA3-8437-3E77FD267EE2}" = protocol=6 | dir=in | app=d:\programme\office\office14\onenote.exe | "{8A2ABF35-05A5-43BA-900D-27075AC7D640}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{8F5EA7BD-2E93-41E9-BF03-0D388AEBBC8B}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | "{8F6F7CB8-1A2A-4D07-A447-4A64993FD0CE}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\anno4.exe | "{901B52DD-597A-41CF-8F52-F22436C45ECA}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | "{915C9780-86F1-497A-9529-43EB224D8CEA}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\anno4.exe | "{91A9634A-8963-4DD6-B496-91B4AA393712}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{98FCDBA8-A8BA-4460-9550-3EDCFE09949F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\zombie driver\release\zombiedriver.exe | "{9988F90B-1B96-4B84-AD30-8A8DCFB1C1CE}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{9D6D1E85-A5BE-4DB7-9FA1-30205E90E9CC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{9DFEFA8B-D543-4124-8458-A1B5929A6F70}" = protocol=6 | dir=in | app=e:\users\lars\appdata\roaming\dropbox\bin\dropbox.exe | "{A4583B31-B4A1-4AB3-B321-54AEA1E6BECE}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe | "{A7B5D4F3-6C51-4E9D-9C74-8C296E6AC24B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A7D36939-F8AD-45E9-BB4F-F65B5AC38A2F}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe | "{A7D723F3-DB62-44DE-AA34-910C5A1A3F71}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A8A20D4E-270F-480D-BC93-E3303F194DDF}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\swordsandsoldiershd\swords and soldiers launcher.exe | "{A8DDE2A1-D072-4C35-9123-C7D6759B32E7}" = protocol=17 | dir=in | app=e:\users\lars\appdata\roaming\icqm\icq.exe | "{AAB4CA2D-CCF7-44E4-8210-DA74EC635743}" = protocol=17 | dir=in | app=e:\users\lars\appdata\roaming\dropbox\bin\dropbox.exe | "{B0B803FF-6594-46A2-993F-CC8C7AB923D4}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe | "{B155836E-D160-496C-87D0-E550C8ED2EE2}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{B537F8AE-F265-4935-9FA3-B2F20C867898}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B63C8176-F5CE-459B-A9F8-F58CBE56B150}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B6778D46-B466-4677-A06B-68C809937DAF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{B9425CEE-1CBB-4922-9558-56ED89B66137}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdutime.exe | "{BB0AF433-BF86-4E47-B469-705C72939734}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{BBBD0DE3-DD38-431D-80F4-6A76EFCEC67E}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\ai war fleet command\aiwar.exe | "{BFB0A018-93EB-4B20-885C-E0CD83E6820A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C1A184B7-01BE-4CF3-9A34-F1353EE5F5DB}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\hearts of iron 2 demo\hoi2-demo.exe | "{C3143968-9437-4A86-8621-6969B5BE6FD4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{C31FC931-435A-4A73-97D3-F3C668BAF700}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{C348262F-EA4F-432F-80B9-7D9B903A7005}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CB76C0DB-D302-4810-97A8-045D208760A0}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{D31C8D57-37F1-4111-ABB4-8593F66A6776}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D748E2FA-3296-414C-B9B5-D91AFC6D2C47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D95B5883-A354-4458-A6B0-622A60B87266}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{DC3315D0-9300-4405-96F0-D508773F5743}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{DD27E379-3163-4B2F-B4A1-BDF9787C9DCE}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\ai war fleet command\aiwar.exe | "{DEA124EB-CEA7-4168-9ABE-82A74CAC04E4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{DEC7E155-091F-4F1E-B466-1B6D1F56E98F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\cities in motion\cities in motion.exe | "{E0ED372E-C250-4716-9411-7C222814FA0F}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{E6FC86C8-0386-41D0-A883-00FD564FCC46}" = protocol=17 | dir=in | 
app=d:\spiele\steam\steamapps\common\dirt showdown\showdown.exe | "{E87F8BA9-F5FD-423D-88A4-BDB9AF4B44BC}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "{E9743412-585E-4217-9199-3F4C022AD03F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E9C352DF-0D03-4A96-AA77-F810B76FCC39}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{E9E3E96B-4726-43F8-978C-1A95E77C18FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EA6F2F0C-E64B-4CD8-B875-CF2DDAD65B83}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe | "{EC0215C1-F9B6-45F3-80F8-EE1FFA512D23}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{EC9D5FD1-FEBF-479E-98E0-ADD187998081}" = dir=in | app=c:\program files\acer arcade deluxe\arcade movie\touchmovie.exe | "{ED8EBE6D-2E4F-4EFB-88C2-85181B5B96A9}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{EF1EEE42-6A9D-4DD6-8E72-5E098E2C81CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F21227FE-3D3F-456E-8175-486A3A63EC95}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F268220B-EE8F-448F-933E-FB57BF5D9B24}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{F5185672-9E64-4604-9780-744A4FCA6CCF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F722C818-C162-49B6-A79F-7E150D075A88}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe | "{FA4F56A3-D099-4442-993C-2B4B4A372D6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FBF0C077-15A3-48F0-AAC3-2980EE730CD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{05ADD1E0-7998-4E4E-B981-A4BFADEDC923}D:\spiele\free civ\freeciv-gtk2.exe" = protocol=6 | dir=in | app=d:\spiele\free 
civ\freeciv-gtk2.exe | "TCP Query User{0C34B85D-4B8D-4BB5-A016-1ED2D4AB4BAB}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{1007776B-0047-49C4-AF6C-D9682BFD322C}C:\program files\zoiper\zoiper.exe" = protocol=6 | dir=in | app=c:\program files\zoiper\zoiper.exe | "TCP Query User{12BEAE2D-669F-4F39-84A4-55B900C560D1}D:\spiele\free civ\freeciv-server.exe" = protocol=6 | dir=in | app=d:\spiele\free civ\freeciv-server.exe | "TCP Query User{19820660-825C-4B87-AA8F-87C822F67912}C:\program files\zoiper\zoiper.exe" = protocol=6 | dir=in | app=c:\program files\zoiper\zoiper.exe | "TCP Query User{20A5A243-9DA8-4A25-9AD1-8C9196598125}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | "TCP Query User{220128F6-E063-43B9-9CD3-1965FD28A39B}D:\spiele\stronghold\stronghold.exe" = protocol=6 | dir=in | app=d:\spiele\stronghold\stronghold.exe | "TCP Query User{24352B65-9F8E-47EB-B17B-D9F283E911C7}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{2D5CCF05-8D77-4E3C-B8FB-05D4C29EC377}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | "TCP Query User{30867C49-EE7C-4C26-9D6F-DA8124A9978E}D:\spiele\free civ\freeciv-server.exe" = protocol=6 | dir=in | app=d:\spiele\free civ\freeciv-server.exe | "TCP Query User{3444704C-3A08-4AA8-A8F8-C89B50330DB8}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{3678A9CC-54C9-4BF3-831A-08A83AA19146}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | "TCP Query User{3FEFF322-9C80-4EEB-8A3A-6AC1A3779450}D:\spiele\anno 
1602\anno1602\1602.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1602\anno1602\1602.exe | "TCP Query User{4098C323-7A07-46A3-A2F7-285387C333E0}E:\users\lars\desktop\neuer ordner\wechseldatenträger\age of empires ii\age of empires no cd crack.exe" = protocol=6 | dir=in | app=e:\users\lars\desktop\neuer ordner\wechseldatenträger\age of empires ii\age of empires no cd crack.exe | "TCP Query User{4A58D0A2-3812-4F72-801A-85AA0673AB9A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{4B144490-6D20-4F90-9372-FF4CE971C581}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{5053B4F9-B273-461F-AC9A-531353D6B3BD}D:\spiele\railroad tycoon 3\rt3.exe" = protocol=6 | dir=in | app=d:\spiele\railroad tycoon 3\rt3.exe | "TCP Query User{55FA54C6-1180-451D-BE83-BB13DF9C1F31}D:\games\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\games\flatout2\flatout2.exe | "TCP Query User{5BF69BD6-EFD7-40C3-81E2-EB6737E82777}E:\users\lars\desktop\neuer ordner\wechseldatenträger\flatout2\flatout2.exe" = protocol=6 | dir=in | app=e:\users\lars\desktop\neuer ordner\wechseldatenträger\flatout2\flatout2.exe | "TCP Query User{5DC4BA20-9458-4579-8519-8971C863991A}D:\spiele\age of empires\age of empires ii\age of empires no cd crack.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires\age of empires ii\age of empires no cd crack.exe | "TCP Query User{61481F57-BD25-466E-9C5C-9D4A6B86C0E7}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{734023F5-D2FD-4E78-BE09-E94AA42DFEB7}D:\spiele\age of empires\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires\age of empires ii\empires2.exe | "TCP Query User{7823ED54-0B50-4BC2-8387-32FFFC00B1E8}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program 
files\trillian\trillian.exe | "TCP Query User{7D71D35D-824C-4DAA-A1DB-84518C5A4B6E}D:\spiele\world racing\wr_multiplayer_lounge.exe" = protocol=6 | dir=in | app=d:\spiele\world racing\wr_multiplayer_lounge.exe | "TCP Query User{7E3D1CB6-EF9B-49D4-BC34-DE018609505E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{9C573E36-C1C4-4B64-B273-667AA8958D8F}D:\spiele\age of empires\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires\age of empires ii\age2_x1\age2_x1.exe | "TCP Query User{A01F71E2-FFAD-4646-B01E-BF1B50CB5516}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{A0BB1D38-8900-4FAC-9C31-9D4CE7D82888}D:\spiele\s.w.i.n.e\swine.exe" = protocol=6 | dir=in | app=d:\spiele\s.w.i.n.e\swine.exe | "TCP Query User{A73AF5E8-78C7-49AD-A254-B95FDE37016F}D:\spiele\age of empires\age of empires i\empiresx.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires\age of empires i\empiresx.exe | "TCP Query User{AF4475F6-1F0F-4A95-82C2-0A966C5DD26A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{B34106FB-61DE-4269-A6FD-F5BD69FDA58B}E:\lars\download\jperf-2.0.2\bin\iperf.exe" = protocol=6 | dir=in | app=e:\lars\download\jperf-2.0.2\bin\iperf.exe | "TCP Query User{B498654C-6A5B-48B9-915E-7C69CE842570}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{C8AF94B1-A34C-4723-8944-0AB362D105EA}D:\spiele\railroad tycoon 3\rt3.exe" = protocol=6 | dir=in | app=d:\spiele\railroad tycoon 3\rt3.exe | "TCP Query User{D3B1D8D5-4DE7-424C-AE1F-09D94FD89ADE}G:\age of empires ii\age of empires no cd crack.exe" = protocol=6 | dir=in | app=g:\age of empires ii\age of empires no cd 
crack.exe | "TCP Query User{DABC9BAE-D9E9-4EE5-940B-8D82717130FB}E:\users\lars\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=e:\users\lars\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{DC4D4445-D4E5-424C-919A-F287102AA591}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{DF56F18D-8B26-408E-B7C6-1B437520B236}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | "TCP Query User{E09263C9-1CD2-4CC2-A9E0-90888DD47C06}D:\spiele\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires ii\empires2.exe | "TCP Query User{EBBEF22C-AA32-4510-9F45-B20DD250370F}D:\spiele\age of empires\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires\age of empires ii\empires2.exe | "TCP Query User{F289FB57-A9AC-43CD-A04C-7FC58BF9BAF1}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | "TCP Query User{F5ECB294-40C8-408D-9DCD-126A0FD1CCDB}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{FD835349-C7B5-4E29-9A68-9F4B1E8891B4}D:\spiele\world racing\mbwr_pc.exe" = protocol=6 | dir=in | app=d:\spiele\world racing\mbwr_pc.exe | "UDP Query User{10176719-0CD2-4F33-B2D1-AA4C423E27F7}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{1952CC7D-5495-4676-BACD-E64D46121067}D:\games\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\games\flatout2\flatout2.exe | "UDP Query User{1EAF0533-6EAD-4204-A305-7B26B432C4AF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{1F466E28-0495-49BE-B19F-64708ED1F077}C:\program 
files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{278ABEF7-24E5-4466-BBBD-76CDF4284C12}D:\spiele\free civ\freeciv-gtk2.exe" = protocol=17 | dir=in | app=d:\spiele\free civ\freeciv-gtk2.exe | "UDP Query User{2F95C1FA-131F-4C61-AEC0-3EC84E123DAB}C:\program files\zoiper\zoiper.exe" = protocol=17 | dir=in | app=c:\program files\zoiper\zoiper.exe | "UDP Query User{3AF31776-58B8-4727-86FC-ECA60D6BFFCF}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{3BD927CE-00F1-405F-8966-919627343376}D:\spiele\free civ\freeciv-server.exe" = protocol=17 | dir=in | app=d:\spiele\free civ\freeciv-server.exe | "UDP Query User{43BE8078-7BBF-482F-9026-BA961B8C0BB4}D:\spiele\s.w.i.n.e\swine.exe" = protocol=17 | dir=in | app=d:\spiele\s.w.i.n.e\swine.exe | "UDP Query User{497D196E-979B-4117-91B7-ECB9C03CF4AD}D:\spiele\world racing\mbwr_pc.exe" = protocol=17 | dir=in | app=d:\spiele\world racing\mbwr_pc.exe | "UDP Query User{4E60DA83-1C3C-4541-8BFE-692FA68E2175}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{5576F4E0-29E3-4638-A3AB-A35D1C06116A}E:\users\lars\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=e:\users\lars\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{592C47F0-B668-4124-9165-29293A3887AB}E:\lars\download\jperf-2.0.2\bin\iperf.exe" = protocol=17 | dir=in | app=e:\lars\download\jperf-2.0.2\bin\iperf.exe | "UDP Query User{5973BF25-FA0A-4220-80C1-7800DA76E817}D:\spiele\stronghold\stronghold.exe" = protocol=17 | dir=in | app=d:\spiele\stronghold\stronghold.exe | "UDP Query User{5E122D16-CB37-4DAA-AA41-FC9F7FCE5375}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{5EBE8166-3551-4AC1-9B7F-3CF6722F67D0}D:\spiele\anno 1602\anno1602\1602.exe" = 
protocol=17 | dir=in | app=d:\spiele\anno 1602\anno1602\1602.exe | "UDP Query User{63321E86-B42C-4828-9576-4833F7AA8817}E:\users\lars\desktop\neuer ordner\wechseldatenträger\flatout2\flatout2.exe" = protocol=17 | dir=in | app=e:\users\lars\desktop\neuer ordner\wechseldatenträger\flatout2\flatout2.exe | "UDP Query User{697B8AD6-B85B-4DE2-9DB9-AFF88654FCD9}G:\age of empires ii\age of empires no cd crack.exe" = protocol=17 | dir=in | app=g:\age of empires ii\age of empires no cd crack.exe | "UDP Query User{6FC2FDE7-6B93-49F1-B603-23F3A24F828B}D:\spiele\age of empires\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires\age of empires ii\empires2.exe | "UDP Query User{77090AB4-FB6F-4E26-9FAC-0BC24F5AAC43}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{7FF0D0C7-C91A-4FAF-8E1D-99948969084E}E:\users\lars\desktop\neuer ordner\wechseldatenträger\age of empires ii\age of empires no cd crack.exe" = protocol=17 | dir=in | app=e:\users\lars\desktop\neuer ordner\wechseldatenträger\age of empires ii\age of empires no cd crack.exe | "UDP Query User{81515353-BC52-4DDA-AEA8-D603C3458454}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | "UDP Query User{8A517AC6-4FB0-4236-9963-1B1FF80632E0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{8FBAB4A8-E96F-4F38-98DA-BB0F583E2923}D:\spiele\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires ii\empires2.exe | "UDP Query User{970E178F-687F-4AE0-8156-51E5D64D70A5}D:\spiele\age of empires\age of empires i\empiresx.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires\age of empires i\empiresx.exe | "UDP Query User{A20A70A9-F74F-4A79-BFBA-73F0605D9627}C:\program files\common files\nokia\service 
layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{AB5847F6-8EE9-4AD4-A01B-9358FAFDE8CB}D:\spiele\age of empires\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires\age of empires ii\empires2.exe | "UDP Query User{B282E529-89F2-4207-A74F-E33CD1733146}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | "UDP Query User{B312078D-67A9-4875-94F5-26360EFADD2C}D:\spiele\world racing\wr_multiplayer_lounge.exe" = protocol=17 | dir=in | app=d:\spiele\world racing\wr_multiplayer_lounge.exe | "UDP Query User{C3970C6F-4F4A-41D3-BF9D-B111191C4D8D}C:\program files\zoiper\zoiper.exe" = protocol=17 | dir=in | app=c:\program files\zoiper\zoiper.exe | "UDP Query User{C5013D7F-E9AF-4159-819D-0765C5D18EBC}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{C9D6D8F4-93F4-4F51-B0D5-E34ED13536DC}D:\spiele\age of empires\age of empires ii\age of empires no cd crack.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires\age of empires ii\age of empires no cd crack.exe | "UDP Query User{CCDBE437-8DE2-4A5E-B438-34DE34D750BF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{CE1684E4-EBD5-4C14-829C-41D80898AA90}D:\spiele\age of empires\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires\age of empires ii\age2_x1\age2_x1.exe | "UDP Query User{CF963F56-BF53-4DB1-A683-EDAC944EC142}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{D8C4500B-9E33-4C64-81FC-67622EAE335B}D:\spiele\railroad tycoon 3\rt3.exe" = protocol=17 | dir=in | app=d:\spiele\railroad tycoon 3\rt3.exe | "UDP Query 
User{DFA74450-2C3F-4666-B875-B612271959F6}D:\spiele\free civ\freeciv-server.exe" = protocol=17 | dir=in | app=d:\spiele\free civ\freeciv-server.exe | "UDP Query User{E05FD1B7-B4C7-43D2-A146-95EEF9FCBFD4}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{EACD3CF5-EC3F-4F2C-94C8-E4868326D041}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{F2C064A7-7A26-4B24-B92F-CDE351D149AE}D:\spiele\railroad tycoon 3\rt3.exe" = protocol=17 | dir=in | app=d:\spiele\railroad tycoon 3\rt3.exe | "UDP Query User{F88FF66D-4710-4ED3-9E0F-D655F2CE3183}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{FDF06865-D669-465A-AEEF-6FE6DAF832C4}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{017E65B1-7484-461A-B16F-7C931166083B}" = Die Sims - Hot Date "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0 "{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2806ECD7-D23E-45D7-A918-D6E5EA1C4D8E}" = S.W.I.N.E. 
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4) "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AE9EBE85-F0BA-476B-8BC9-B9705918C823}" = Free SystemUtilities "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry 
"{D774186B-031F-4186-BC4D-B256B9831B85}" = AVG 2013 "{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1) "{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition "{F2485BF4-830D-4D7F-B553-3B125CCFB255}" = Codename: Panzers Cold War "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{f8cd9221-848c-45fb-a509-fa75dea3a22f}" = Free System Utilities "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = MSI Afterburner 2.1.0 "Age of Empires" = Microsoft Age of Empires "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion "AVG" = AVG 2013 "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "Caesar 3" = Caesar 3 "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "dradio-Recorder_is1" = dradio-Recorder Version 3.02.2 "Earth 2160" = Earth 2160 "EAX Unified" = EAX Unified "EPSON Scanner" = EPSON Scan "EPSON WP-4535 Series" = EPSON WP-4535 Series Printer Uninstall "ESET Online Scanner" = ESET Online Scanner v3 "Freeciv-2.3.2-gtk2" = Freeciv 2.3.2 (GTK+ client) "GIMP-2_is1" = GIMP 2.8.4 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry "IrfanView" = IrfanView (remove only) "Jagged Alliance 2" = Jagged Alliance 2 "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series "LManager" = Launch Manager "Loksim3D_is1" = 
Loksim3D "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nokia Suite" = Nokia Suite "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Professional 2010 "OpenTTD" = OpenTTD 1.0.4 "Opera 12.15.1748" = Opera 12.15 "PaperCut NG Client_is1" = PaperCut NG Client 10.7 "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "Secure Eraser_is1" = Secure Eraser "SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows "Sierra-Dienstprogramme" = Sierra-Dienstprogramme "SP6" = Logitech SetPoint 6.32 "SpeedFan" = SpeedFan (remove only) "Steam App 201700" = DiRT Showdown "Steam App 22170" = Hearts of Iron II Demo "Steam App 31410" = Zombie Driver "Steam App 40400" = AI War: Fleet Command "Steam App 50130" = Mafia II "Steam App 63500" = Swords and Soldiers HD "Steam App 73010" = Cities in Motion "Sweet Home 3D_is1" = Sweet Home 3D version 2.6 "TmNationsForever_is1" = TmNationsForever "Trillian" = Trillian "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.5 "Zoiper" = Zoiper ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-207272529-1978318306-672765162-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Cisco AnyConnect Secure Mobility Client Events ] Error - 15.06.2013 09:44:39 | Computer Name = Lars-PC | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::OnTaskbarCreated File: .\mainfrm.cpp Line: 639 Invoked Function: redisplayIcon Return Code: -33554425 (0xFE000007) Description: GLOBAL_ERROR_NOT_INITIALIZED Error 
- 15.06.2013 09:48:07 | Computer Name = Lars-PC | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description: Eine vorhandene Verbindung wurde vom Remotehost geschlossen. Error - 15.06.2013 09:48:07 | Computer Name = Lars-PC | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description: unknown Error - 15.06.2013 09:48:07 | Computer Name = Lars-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp Line: 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE Error - 15.06.2013 09:48:07 | Computer Name = Lars-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE Error - 15.06.2013 09:48:07 | Computer Name = Lars-PC | Source = acvpnagent | ID = 67108866 Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp Line: 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene Verbindung wurde vom Remotehost geschlossen. 
Error - 15.06.2013 09:48:07 | Computer Name = Lars-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 15.06.2013 10:04:39 | Computer Name = Lars-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 15.06.2013 10:04:44 | Computer Name = Lars-PC | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 15.06.2013 10:04:45 | Computer Name = Lars-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1086 NULL object. Cannot establish a connection at this time. [ System Events ] Error - 15.06.2013 10:03:28 | Computer Name = Lars-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "0" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware. Error - 15.06.2013 10:03:28 | Computer Name = Lars-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 35 Description = Die Energieverwaltungsfeatures für Leistung des Prozessors "1" in der Gruppe "0" sind aufgrund eines Firmwareproblems deaktiviert. Erkundigen Sie sich beim Hersteller des Computers nach aktualisierter Firmware. 
Error - 15.06.2013 10:03:52 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxduCATSCustConnectService erreicht. Error - 15.06.2013 10:03:52 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.06.2013 10:05:00 | Computer Name = Lars-PC | Source = DCOM | ID = 10016 Description = < End of report > |
15.06.2013, 15:51 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
See also => http://www.trojaner-board.de/95393-c...-software.html If we find indications of illegally obtained software, we will end support without any discussion. Cracks/keygens are, 99.9% of the time, dangerous malware that is not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone! In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________ Please always post log files in CODE tags |
15.06.2013, 17:01 | #5 |
| How did that get there? Briefly, in my defense and by way of explanation: I do of course own the original version of this software. It is the "Collector's Edition of Age of Empires", consisting of AoE 1 + AoE 2 + the corresponding expansions. So why is there a crack on my hard drive? The reason lies with a friend. He legally owns a different version of Age of Empires 2, namely "Age of Empires 2: Gold Edition". The two of us like to play Age of Empires 2 against each other over the network. Unfortunately, our two versions refuse to work together. So that we can play anyway, we use the crack. We are not aware of any wrongdoing, since we do not use the crack to run illegally obtained software, but to be able to use legally obtained software. From my point of view, this is therefore a patch that lets us use legal software properly. I therefore hope that you will make an exception for me and continue to help me anyway. Best regards |
17.06.2013, 10:00 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
17.06.2013, 10:48 | #7 |
| A pity, but I have to live with your rules. I had even deleted it specifically, but you dug it up again... Should I ask any questions about the reinstallation directly in this thread, or are they better placed elsewhere? Would you perhaps be so kind as to look into the crystal ball and tell me how badly I am infected? In other words, should I rebuild my computer immediately, or can this wait until the beginning of August without my computer and/or data suffering further damage? After all, ESET, AVG and Malwarebytes all currently find nothing. Kind regards and many thanks for the further help |
17.06.2013, 11:11 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
If you show your logs with cracks in them, we did not dig that up