Log Analysis and Evaluation: Polizei-Trojaner Win7 x64 (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.01.2013, 18:02 | #1 |
Polizei-Trojaner Win7 x64

Hello, on 21.12.12 I downloaded a file as a keygen. After opening it, the already well-known Polizei-Trojaner (police ransomware) appeared. I had no way to do anything except switching the notebook off and on. After starting in Safe Mode I was able to act again, and I ran the Malwarebytes scan according to the guide for getting rid of the encryption trojan. I also noticed that some files on my desktop have different icons than before the trojan appeared and launch the trojan when clicked. I then carried out the steps for scanning my system (OTL, etc.). Here are my log files from OTL and Extras: Code:
OTL logfile created on: 01.01.2013 16:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: *** | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,63% Memory free
5,99 Gb Paging File | 4,66 Gb Available in Paging File | 77,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,95 Gb Total Space | 152,15 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,11 Gb Free Space | 51,08% Space Free | Partition Type: NTFS
Drive F: | 346,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.01 16:01:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.10.28 11:51:19 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.11 08:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 08:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.10.03 14:51:04 | 000,725,400 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.10.03 14:50:46 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe
PRC - [2011.01.28 06:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.15 11:37:54 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\ad81026776fce15ca95b5d24700f588f\System.ServiceProcess.ni.dll
MOD - [2012.11.15 11:37:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65cbb9191c505c1a4543971d8d9a29ef\System.Runtime.Remoting.ni.dll
MOD - [2012.11.15 03:43:22 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b693062263360f48e7f9a5307bdd49e\System.Xaml.ni.dll
MOD - [2012.11.15 03:25:24 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1283c31016c55e1417bea5be8a5aa6b7\PresentationFramework.ni.dll
MOD - [2012.11.15 03:25:02 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ef471959d0869308ddeb5899c30753c5\PresentationCore.ni.dll
MOD - [2012.11.15 03:24:45 | 003,880,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f2b33a0cacee1a8b16a1cb75e6b48ae3\WindowsBase.ni.dll
MOD - [2012.11.15 03:18:51 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ff7d2ccac9623b009cf0b310f44c14b3\System.Configuration.ni.dll
MOD - [2012.11.15 03:18:41 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3aa55846424ac3562c9c4719e356d5c2\System.Xml.ni.dll
MOD - [2012.11.15 03:18:26 | 007,053,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\984dd13b0ef822c9c79271b5c309b7a1\System.Core.ni.dll
MOD - [2012.11.15 03:18:15 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\551ff4adc88e19e4ff78ecdb39c4230b\System.ni.dll
MOD - [2012.11.15 03:18:07 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\031abbfbd476fdc0c392160b67f2c662\mscorlib.ni.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 17:34:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 21:18:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.03 14:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.06.27 14:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.15 09:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006.11.18 12:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006.11.17 16:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D B5 A2 07 C2 44 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: fbp%40fbpurity.com:8.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.10.14 11:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 21:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.08 21:22:52 | 000,000,000 | ---D | M]

[2012.12.14 14:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.12.14 14:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4y4aa8yq.default\extensions
[2012.12.14 14:07:12 | 000,062,582 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4y4aa8yq.default\extensions\fbp@fbpurity.com.xpi
[2012.12.05 21:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.05 21:18:29 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 09:31:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.10.26 15:10:30 | 000,000,861 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\PIVCAKE\PokerNotifier.exe File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [Softonic for Windows] C:\Users\***\AppData\Local\Softonic\Softonic.exe (Softonic)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C1245CC-BE44-4F8B-830F-327533698757}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E2DB968-2B98-4109-886E-96BDCDE040F6}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93230C87-ACF9-4489-A867-05A9D4C7D219}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = "H:\Adobe CS5\Set-up.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.01 16:01:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.22 21:58:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.12.22 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 21:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 21:57:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.22 21:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.20 17:16:28 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop\desk
[2012.12.14 14:33:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bulldog777 Poker
[2012.12.14 14:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bulldog777
[2012.12.14 14:23:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Muchos Poker
[2012.12.14 14:22:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps
[2012.12.14 14:22:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deployment
[2012.12.07 02:08:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SimpleTV V03
[2012.12.07 02:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleTV
[2012.12.07 02:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimpleTV
[2012.12.06 02:18:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\XBMC
[2012.12.06 02:16:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2012.12.06 02:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2012.12.06 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PotPlayerMini64
[2012.12.06 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Daum
[2012.12.06 01:18:16 | 000,000,000 | ---D | C] -- C:\Directx
[2012.12.06 01:09:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2012.12.06 01:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2012.12.06 01:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\DAUM
[2012.12.05 21:56:56 | 000,000,000 | ---D | C] -- C:\Users\***\Sleepy Hollow.1999.HDRip.x264.AAC[5.1]-VLiS
[2012.12.05 21:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 14:03:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\VideoPad Projects
[2012.12.04 13:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012.12.04 13:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012.12.04 13:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012.12.04 13:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012.12.04 13:00:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NCH Software

========== Files - Modified Within 30 Days ==========

[2013.01.01 16:01:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.01 16:00:51 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.01 15:56:53 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.01 15:47:25 | 000,001,063 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.01 15:46:52 | 000,001,049 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2013.01.01 15:42:37 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.01 15:41:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.01 15:41:33 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 10:24:09 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 10:24:09 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 10:18:16 | 004,973,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.23 10:03:20 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.23 10:03:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.22 21:57:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 21:53:02 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.22 21:52:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.12.18 02:33:39 | 000,026,672 | ---- | M] () -- C:\Users\***\Desktop\michael-appelt_ich.jpg
[2012.12.17 23:39:24 | 000,022,642 | ---- | M] () -- C:\Users\***\Desktop\kata.jpg
[2012.12.17 23:25:30 | 000,078,842 | ---- | M] () -- C:\Users\***\Desktop\christmas.jpg
[2012.12.17 23:14:14 | 003,964,928 | ---- | M] () -- C:\Users\***\Desktop\Halloween Graz 31.10.2010 (29).JPG
[2012.12.17 23:14:01 | 004,030,464 | ---- | M] () -- C:\Users\***\Desktop\Immanuel Wohnung Simons Graz besuch 06.12.2010 (1).JPG
[2012.12.17 22:59:21 | 000,200,477 | ---- | M] () -- C:\Users\***\Desktop\pic.jpg
[2012.12.17 22:56:54 | 000,645,806 | ---- | M] () -- C:\Users\***\Desktop\IMG_20121212_174415.jpg
[2012.12.17 22:56:54 | 000,268,301 | ---- | M] () -- C:\Users\***\Desktop\IMG_20121217_225343.jpg
[2012.12.17 22:56:17 | 000,914,173 | ---- | M] () -- C:\Users\***\Desktop\anhaenge.zip
[2012.12.17 08:40:44 | 000,131,226 | ---- | M] () -- C:\Users\***\Desktop\bescheid stipendium phd.pdf
[2012.12.14 14:33:37 | 000,001,895 | ---- | M] () -- C:\Users\***\Desktop\Bulldog777 Poker.lnk
[2012.12.14 14:23:42 | 000,000,330 | ---- | M] () -- C:\Users\***\Desktop\Muchos App.appref-ms
[2012.12.13 16:23:25 | 002,344,501 | ---- | M] () -- C:\Users\***\Desktop\20121213_162303.jpg
[2012.12.11 22:26:19 | 000,248,813 | ---- | M] () -- C:\Users\***\Desktop\huntington.pdf
[2012.12.09 18:13:16 | 000,189,474 | ---- | M] () -- C:\Users\***\Desktop\OBL_Miet-Wohnung Jahnstraße IBK.pdf
[2012.12.08 01:04:31 | 000,001,037 | ---- | M] () -- C:\Users\***\Desktop\PotPlayer x64.lnk
[2012.12.07 02:08:20 | 000,000,971 | ---- | M] () -- C:\Users\***\Desktop\SimpleTV.lnk
[2012.12.06 13:24:56 | 000,004,934 | ---- | M] () -- C:\Users\***\Desktop\Studienblatt *** 2224 16.03.1987.pdf
[2012.12.06 03:25:07 | 000,000,248 | ---- | M] () -- C:\Users\***\.swfinfo
[2012.12.05 22:38:50 | 1311,572,829 | ---- | M] () --
C:\Users\***\Desktop\Sleepy Hollow.1999.HDRip.x264.AAC[5.1]-VLiS.mkv [2012.12.05 03:32:23 | 002,322,432 | ---- | M] () -- C:\Users\***\Desktop\fm4_ombudsmann_121123_215445.mp3 [2012.12.04 13:04:30 | 000,001,134 | ---- | M] () -- C:\Users\***\Desktop\VideoPad Video Editor.lnk ========== Files Created - No Company Name ========== [2013.01.01 16:00:51 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.01 15:56:51 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.12.22 21:57:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 21:53:02 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.12.18 02:33:35 | 000,026,672 | ---- | C] () -- C:\Users\***\Desktop\michael-appelt_ich.jpg [2012.12.17 23:39:18 | 000,022,642 | ---- | C] () -- C:\Users\***\Desktop\kata.jpg [2012.12.17 23:25:27 | 000,078,842 | ---- | C] () -- C:\Users\***\Desktop\christmas.jpg [2012.12.17 23:12:34 | 003,964,928 | ---- | C] () -- C:\Users\***\Desktop\Halloween Graz 31.10.2010 (29).JPG [2012.12.17 23:12:30 | 004,030,464 | ---- | C] () -- C:\Users\***\Desktop\Immanuel Wohnung Simons Graz besuch 06.12.2010 (1).JPG [2012.12.17 22:59:18 | 000,200,477 | ---- | C] () -- C:\Users\***\Desktop\pic.jpg [2012.12.17 22:56:38 | 000,268,301 | ---- | C] () -- C:\Users\***\Desktop\IMG_20121217_225343.jpg [2012.12.17 22:56:35 | 000,645,806 | ---- | C] () -- C:\Users\***\Desktop\IMG_20121212_174415.jpg [2012.12.17 22:56:12 | 000,914,173 | ---- | C] () -- C:\Users\***\Desktop\anhaenge.zip [2012.12.17 08:40:44 | 000,131,226 | ---- | C] () -- C:\Users\***\Desktop\bescheid stipendium phd.pdf [2012.12.14 14:33:37 | 000,001,895 | ---- | C] () -- C:\Users\***\Desktop\Bulldog777 Poker.lnk [2012.12.14 14:23:42 | 000,000,330 | ---- | C] () -- C:\Users\***\Desktop\Muchos App.appref-ms [2012.12.13 16:22:45 | 002,344,501 | ---- | C] () -- C:\Users\***\Desktop\20121213_162303.jpg [2012.12.11 22:26:19 | 
000,248,813 | ---- | C] () -- C:\Users\***\Desktop\huntington.pdf [2012.12.09 18:13:16 | 000,189,474 | ---- | C] () -- C:\Users\***\Desktop\OBL_Miet-Wohnung Jahnstraße IBK.pdf [2012.12.07 02:08:20 | 000,000,971 | ---- | C] () -- C:\Users\***\Desktop\SimpleTV.lnk [2012.12.06 13:24:56 | 000,004,934 | ---- | C] () -- C:\Users\***\Desktop\Studienblatt *** 2224 16.03.1987.pdf [2012.12.06 03:25:06 | 000,000,248 | ---- | C] () -- C:\Users\***\.swfinfo [2012.12.06 01:09:10 | 000,001,037 | ---- | C] () -- C:\Users\***\Desktop\PotPlayer x64.lnk [2012.12.05 21:56:56 | 1311,572,829 | ---- | C] () -- C:\Users\***\Desktop\Sleepy Hollow.1999.HDRip.x264.AAC[5.1]-VLiS.mkv [2012.12.05 03:32:18 | 002,322,432 | ---- | C] () -- C:\Users\***\Desktop\fm4_ombudsmann_121123_215445.mp3 [2012.12.04 13:04:30 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk [2012.12.04 13:04:30 | 000,001,134 | ---- | C] () -- C:\Users\***\Desktop\VideoPad Video Editor.lnk [2012.12.04 13:03:51 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk [2012.11.14 01:59:48 | 740,300,690 | ---- | C] () -- C:\Users\***\One Day in September (1999)[DVDRip (Xvid)] - LikeHerod [2012.10.31 12:58:41 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.20 19:56:17 | 000,143,664 | ---- | C] () -- C:\Users\***\Faust.2011.DVDRip.AC3.HORiZON-ArtSubs.idx [2012.10.20 19:55:12 | 013,398,016 | ---- | C] () -- C:\Users\***\Faust.2011.DVDRip.AC3.HORiZON-ArtSubs.sub [2012.10.10 15:57:05 | 098,005,738 | ---- | C] () -- C:\Users\***\Photoshop_Portable_13.0.1_Multilingual.exe [2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 19:57:14 | 
000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.06.30 00:24:16 | 000,007,632 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.06.28 14:13:20 | 001,642,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.07 15:26:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2012.07.27 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Awesomium
[2013.01.01 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.06.13 22:11:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EndNote
[2012.10.26 15:33:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Guitar Pro 6
[2012.06.29 10:09:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data
[2012.12.20 12:18:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HoldemManager
[2012.07.27 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MuchosPoker
[2012.07.27 13:29:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MuchosPoker CustomAvatars
[2012.06.28 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.07.27 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PacificPoker
[2012.10.23 18:48:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.12.06 01:18:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PotPlayerMini64
[2012.12.05 02:14:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\qs
[2012.10.19 18:58:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.12.09 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SimpleTV V03
[2012.12.19 21:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.09.04 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.06.11 13:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thinstall
[2012.12.04 23:53:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle
[2013.01.01 15:43:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.12.09 13:51:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\PIVCAKE:MID
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DBC416F8

< End of report >

Code:
OTL Extras logfile created on: 01.01.2013 16:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,63% Memory free
5,99 Gb Paging File | 4,66 Gb Available in Paging File | 77,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,95 Gb Total Space | 152,15 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,11 Gb Free Space | 51,08% Space Free | Partition Type: NTFS
Drive F: | 346,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E9A549-9DBB-4221-8567-6DBB4D3CDB2C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{08B60C1A-C420-49F4-B18B-D3DA61583749}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EE239A5-501D-4176-B89D-BFD946D184E3}" = lport=139 | protocol=6 | dir=in | app=system |
"{1F80C0EE-84F8-41E7-919B-5479327C243F}" = rport=137 | protocol=17 | dir=out | app=system |
"{2CA756A2-2ACC-4FC3-BD0A-2054B7B301BF}" = rport=445 | protocol=6 | dir=out | app=system |
"{327441CD-3A2D-40A8-869E-F0CFFC323A0B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{524E56C4-E657-4BC6-A2BA-DE41D8B76C5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{556817AD-2472-4D1A-A6E8-8BD2D43088D1}" = lport=138 | protocol=17 | dir=in | app=system |
"{597E3C2A-188B-4032-A31D-90F226F240B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67D33803-4F48-4827-922F-2395991AA98E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6DABB089-8DD3-4FDD-8A09-F7BA66F9D505}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6DCE0757-676D-4395-8BDE-B950F1E0DF14}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71C235AB-1B96-4856-A37B-87586234C184}" = rport=139 | protocol=6 | dir=out | app=system |
"{7E948BA9-593C-4F4E-A16E-50AFC68496F8}" = lport=445 | protocol=6 | dir=in | app=system |
"{86873774-AE6F-4706-BF19-76D0AADE03D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A159E066-C4E7-473E-BFA4-DFE3CB77F980}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7F124D2-5C9D-4168-B392-6D6A92946B27}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A9DC1C29-9E06-4D61-916D-EBA20CA68E5C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B35C8754-1657-4CD7-9741-D08CA1FBF947}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B68C4B7C-4CF6-44FF-89BD-3D55716B0AC2}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{B9A57943-DA08-44CA-A258-B539DF25A1BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF61045C-F8BA-45F2-967A-5413C0336888}" = rport=138 | protocol=17 | dir=out | app=system |
"{BFDD84BF-0A2B-4A4C-8982-049A936CE8F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEA33D91-E38B-4B3A-8E75-52789DFBA08B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D9024943-EA54-4A02-8452-5B1C658668C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DCF743F4-37F7-49C3-9BBF-824F34BA1B8D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{E88A80C0-0803-47A6-BCF2-2D895A0B6758}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB854A2F-3689-4917-9BDF-4ADB36B2BB41}" = lport=137 | protocol=17 | dir=in | app=system |
"{F065A37C-7B45-4DDF-BFE1-D729E8E1687D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F1908198-1EF2-467A-B970-16BF32FD65D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2C32ED6-D9F9-4480-A274-D03CAE45427B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F9355D75-6FDA-41CB-86EF-8B5275DAECF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D12519D-AEB8-4E0A-99FF-530EB0B7AF3E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{0F028E0E-07FF-4C07-BD0F-6F178178194A}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{0F923008-7AFF-451E-90FE-4821A2766D00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19E5FAD5-61AD-46E1-822E-CCC67EA7AC9A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{21230C08-8608-42FC-B485-434AE4B377A9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{2A0638A6-64F0-469B-A08E-F3038DB144FD}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"{2CCE2888-2234-4CF2-A75F-F4134445CC57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39DA5A54-297A-40B8-A83B-C84BF199BBEA}" = protocol=6 | dir=in | app=c:\program files (x86)\pivcake\pokerclient.exe |
"{3B389782-11FB-45AC-AAD1-8AFD6B323C39}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{3B7B7022-357D-47C0-994F-8D5D24F69AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4AA1E57A-5348-45C4-89AD-731967C15A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{4E6E582D-12A8-4D5D-AE64-97CD528E98E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{4F34504F-278F-40A9-A68D-AA4390FEC56B}" = protocol=6 | dir=out | app=system |
"{53920B08-77F0-4E5C-9733-9519485D1DFD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{557056A3-8DFE-49B3-AC2C-15A5468A6115}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5661C852-50F6-4066-833A-28B9F837FB6A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{61236DB2-3E5A-4FA9-942C-9E7A7BB070A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68D90DF0-A48F-488A-AE3B-F62574907F20}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{69DE971F-0C21-42C6-A430-B7CFFCEBF428}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C72E7D2-9AC0-4E23-951E-78578E8B90E0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{75FDD1C0-556E-4307-AB8D-A1DCFDABEDBE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{761499BD-53D1-4CDB-AD74-6C6478AF0917}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7CACBADD-BBD5-48B8-9A94-EC1AE72800C9}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"{7FF321FC-D061-4373-A93B-C0EA3DAB1BDE}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8295C9E7-3299-4FFE-BA97-13663DB2371F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82A9F249-522A-49D2-B152-F2BB679CF6BD}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{86CA7580-E349-42BA-80FF-07F0816A3DD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E7D5830-9C90-4EF9-8495-111D54C615D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{973BABF3-F785-4482-9AB4-123AF015A503}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{9938DC1E-A40F-430D-99C5-AAF7CB229035}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{9BB21040-EB21-4171-B236-6D2EA86260B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9EF6766D-D60A-4C97-A14C-666ABFED031B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AC5100AC-27E1-4F38-AED4-0A823B42A4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{AECC592C-5F61-4BB7-B634-3425197EDA06}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B05C3B18-91ED-40DD-A41F-F389DFB5022F}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{B61A9D8F-4073-421E-BC18-AD47FC126C00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA425591-5323-4868-AE81-A4A2D50DF1E0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{BC6BD544-7857-45D3-8F03-14CF6F725563}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CD840D82-4A40-46F1-A67C-5873AB2E28A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D36287E0-8978-4BB3-A73A-26D88E5FFD23}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D549BF00-5645-4C8F-8ED1-34820096732A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E1F8D276-789B-49C9-A72C-0DAD48EB1AAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E5DA8F9F-A614-43B0-9DDF-A40B9AD684B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F518E1C9-0E28-4D0D-9547-6FDFACD3423D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6C2772E-9CB4-4DF2-8D97-937662B7BFBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F8D89918-B2A6-4153-A51B-357EAD0874D1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{FB60BE00-3573-4C22-85FD-45E8C7A5BA34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FC0F9507-F22F-455C-B605-2D4AC3294413}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FCB82FF8-27B0-4A22-9C91-3FE9DC8EBF46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD6C7A38-9972-4CEB-93AB-EC280904FDDD}" = protocol=17 | dir=in | app=c:\program files (x86)\pivcake\pokerclient.exe |
"{FE09656A-397C-4ED7-8151-29DCB3D59EA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{06E5DE35-F006-4A36-8160-8BCFDA12C6B3}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{31C5A768-958C-4B0A-B640-A4A5A63215D2}C:\program files (x86)\simpletv\tv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\simpletv\tv.exe |
"TCP Query User{38B1DD00-6B39-4A8F-9C6B-8D8552F63476}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4CF2C00E-0250-48EE-8246-ECBCCF0805B0}C:\users\***\desktop\dein zeugs\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2\age2_x1.exe |
"TCP Query User{54FEB82D-0F82-4075-B69B-3133ED1F4DB6}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5F7A16A2-BF80-4BB1-8AA5-92F611F874F1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{62597305-4511-4122-B2EC-15D91112C5CA}C:\users\***\desktop\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\aoe2\age2_x1.exe |
"TCP Query User{729A5A2B-E346-4F0A-9AA0-3D629FBD86EA}C:\users\***\desktop\aoe2\empires2.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\aoe2\empires2.exe |
"TCP Query User{797A8E92-8B05-4D49-BBB3-8805B932A329}C:\program files (x86)\piventr\pokerclient\piventr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\piventr\pokerclient\piventr.exe |
"TCP Query User{801F5B70-13D3-4516-857C-F4CA0E963348}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"TCP Query User{922CE243-FBC9-47D3-B01D-724DC522EF4D}C:\users\***\desktop\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\blobby\volley.exe |
"TCP Query User{A014FD58-35EE-462B-B1B7-03472F3FBE56}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{A543A469-7786-4A90-BAD4-BBFD0A01E4F3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{BEF33199-A102-4F20-93B8-554EE7EF9C49}C:\users\***\desktop\dein zeugs\aoe2-the conquers\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2-the conquers\age2_x1.exe |
"TCP Query User{F05C1FD6-408E-4C67-845B-E9E490A4B076}C:\users\***\desktop\dein zeugs\aoe2\aoc.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2\aoc.exe |
"UDP Query User{17E3B0A7-1F13-43E5-922C-85E70C4E1E92}C:\program files (x86)\piventr\pokerclient\piventr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\piventr\pokerclient\piventr.exe |
"UDP Query User{1B3A9F1D-B530-452E-8B44-7E165E79B6F1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{1F26F8DB-F12E-4725-86BC-3B1750296282}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe |
"UDP Query User{22513F61-23F3-4B03-AC0F-3643FE0F43FA}C:\users\***\desktop\dein zeugs\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2\age2_x1.exe |
"UDP Query User{261092F6-80E8-4178-8EEC-D31F379050AB}C:\users\***\desktop\aoe2\empires2.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\aoe2\empires2.exe |
"UDP Query User{30E14875-289C-4B75-909C-A263811480F0}C:\program files (x86)\simpletv\tv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\simpletv\tv.exe |
"UDP Query User{311226CA-C3A6-4524-B0D6-C08296AEB613}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{3F709602-6D0D-4E7D-AFB1-83F6866E5E2A}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4B30718B-D38C-493A-A752-2E63CE704329}C:\users\***\desktop\dein zeugs\aoe2\aoc.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2\aoc.exe |
"UDP Query User{5A89B675-0EF9-47DF-8D15-9DFFA5519107}C:\users\***\desktop\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\aoe2\age2_x1.exe |
"UDP Query User{736426FC-991D-4A50-8A58-3E631AC2311C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{CA56622B-CA33-4F07-A9FD-DCDA4ACB0A26}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{E390931F-9469-4AC8-B4DA-A9260876C20E}C:\users\***\desktop\dein zeugs\aoe2-the conquers\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2-the conquers\age2_x1.exe |
"UDP Query User{E58EF513-1E26-4636-935C-33F2B7BE776C}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{FEA28888-F9D2-4157-AF79-6B5C22030031}C:\users\***\desktop\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\blobby\volley.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{ED7FE81C-378C-411D-B5B4-509B978BA204}" = UltraMon "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "PotPlayer64" = Daum PotPlayer 1.5.34665 x64 Edition [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{290A2821-B1F8-4566-B49A-25F349A5B5CB}_is1" = SimpleTV 0.4.7 b2 "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{60A86035-3EAD-401C-8C8F-5CB46977320F}" = QuickSnooker "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = 
Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "1180-6883-2514-0226-pokerinvenice-PROD" = PivEntr 
"5513-1208-7298-9440" = JDownloader 0.9
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Capture Software
"GraphPad Prism_is1" = GraphPad Prism 4
"HoldemManager2" = Holdem Manager 2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PIVCAKE" = PIVCAKE
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"PowerISO" = PowerISO
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"TeamViewer 7" = TeamViewer 7
"Titan Poker" = Titan Poker
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bulldog777 Poker" = Bulldog777 Poker
"d114aea568955389" = Muchos App
"Dropbox" = Dropbox
"MuchosPokerCustomAvatars_298_12" = MuchosPoker CustomAvatars
"PivMerge" = PivMerge
"Spotify" = Spotify
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.12.2012 05:03:01 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23.12.2012 05:03:01 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15105015

Error - 23.12.2012 05:03:01 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15105015

Error - 23.12.2012 05:03:02 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23.12.2012 05:03:02 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15106029

Error - 23.12.2012 05:03:02 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15106029

Error - 23.12.2012 05:03:03 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23.12.2012 05:03:03 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15107028

Error - 23.12.2012 05:03:03 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15107028

Error - 23.12.2012 05:17:58 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 2012-12-23 10:17:58 CETFATAL: the database system is starting up

Error - 01.01.2013 10:42:16 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 2013-01-01 15:42:16 CETFATAL: the database system is starting up

[ System Events ]
Error - 22.12.2012 16:48:25 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 22.12.2012 16:48:25 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 22.12.2012 16:52:09 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 22.12.2012 16:52:09 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 23.12.2012 00:51:03 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 23.12.2012 05:02:55 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 23.12.2012 05:17:14 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 23.12.2012 05:17:14 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 01.01.2013 10:41:39 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 01.01.2013 10:41:39 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active

< End of report >

Malwarebytes Anti-Malware log file:
Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.22.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

22.12.2012 22:01:21
mbam-log-2012-12-23 (10-04-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 500033
Laufzeit: 1 Stunde(n), 38 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\recovery2\IMG_5798.JPG (Extension.Mismatch) -> Keine Aktion durchgeführt.
C:\recovery2\IMG_6518.JPG (Extension.Mismatch) -> Keine Aktion durchgeführt.
C:\Users\***\0.561871096702322.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-5cbbde60 (Trojan.Reveton) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\dein zeugs\aoe2\age2_x1.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\dein zeugs\Aoe2-The Conquers\age2_x1.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\PhotoshopPortable\App\PhotoshopCS6\amtlib.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
C:\Users\***\Downloads\download.exe (Adware.Dropper) -> Keine Aktion durchgeführt.
C:\Users\***\Downloads\Keygen\Keygen\keygen.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)

Thanks for your help!
g simonwent
01.01.2013, 18:26 | #2
/// TB-Ausbilder | Police Trojan Win7 x64
Quote:
Support stop: cracks or keygens. That closes this topic.