| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Österreichische Version vom Polizei TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.05.2013, 11:53
| #1 |
| |  Österreichische Version vom Polizei Trojaner Hallo Trojaner-Board-Team, wir haben uns gestern den Polizei Trojaner eingefangen. Ich habe das System mit einer Wiederherstellung zum laufen gebracht. Ich habe auch ( hoffentlich kein Fehler) bereits Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org laufen lassen Log File: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.24.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Daniel :: DANIEL-PC [Administrator] 24.05.2013 19:49:29 mbam-log-2013-05-24 (19-49-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 214324 Laufzeit: 14 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Daniel\AppData\Roaming\skype.dat (Trojan.FakeAlert.RGenX) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Daniel\AppData\Local\Temp\jmciion (Trojan.FakeAlert.RGenX) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) www.malwarebytes.org log File: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.24.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Daniel :: DANIEL-PC [administrator]
24.05.2013 21:20:31
mbar-log-2013-05-24 (21-20-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29667
Time elapsed: 45 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|JAVA (Backdoor.Bot) -> Data: C:\Windows\java.vbs -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\Windows\java.vbs (Backdoor.Bot) -> Delete on reboot.
(end)
OTL.txt: Code:
ATTFilter OTL logfile created on: 5/25/2013 10:43:02 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.07% Memory free 8.00 Gb Paging File | 6.81 Gb Available in Paging File | 85.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1366.17 Gb Total Space | 1250.44 Gb Free Space | 91.53% Space Free | Partition Type: NTFS Drive D: | 30.00 Gb Total Space | 10.34 Gb Free Space | 34.46% Space Free | Partition Type: NTFS Drive I: | 7.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/25 10:23:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe PRC - [2013/04/18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011/12/15 19:53:12 | 000,426,328 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate) SRV:64bit: - [2010/11/11 04:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/09/14 15:28:14 | 000,233,864 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy) SRV:64bit: - [2010/08/19 12:49:56 | 000,157,576 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc) SRV:64bit: - [2010/08/19 12:49:50 | 000,339,848 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner) SRV:64bit: - [2010/08/19 12:49:50 | 000,243,592 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain) SRV:64bit: - [2010/08/19 12:49:48 | 000,353,160 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan) SRV:64bit: - [2010/08/19 12:49:48 | 000,073,096 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/05/24 20:05:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/04/18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2013/04/18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/04/18 15:55:50 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI) DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013/03/07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013/03/07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/19 20:34:00 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/11/19 20:34:00 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/11/11 06:23:44 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/11/11 04:16:24 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/10/12 12:05:16 | 000,061,520 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy) DRV:64bit: - [2010/09/24 14:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/06/17 11:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010/06/14 11:41:10 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010/05/15 00:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010/05/15 00:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0F5883D0-AF72-4C43-976D-3C162BE559AC} IE - HKCU\..\SearchScopes\{0F5883D0-AF72-4C43-976D-3C162BE559AC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393AT427 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\ [2010/12/03 22:21:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2010/12/03 22:21:33 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.) O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC4AE18-1088-4A4E-A5C3-01A88EF86339}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/02/03 00:07:14 | 000,000,058 | -H-- | M] () - I:\autorun.inf -- [ UDF ] O33 - MountPoints2\{24574977-5ce1-11e0-b47b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{24574977-5ce1-11e0-b47b-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\Diablo III Setup.exe" O33 - MountPoints2\{323a901a-a436-11e2-9872-6c626db75cd7}\Shell - "" = AutoRun O33 - MountPoints2\{323a901a-a436-11e2-9872-6c626db75cd7}\Shell\AutoRun\command - "" = E:\OpenFiles.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\OpenFiles.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/25 10:23:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2013/05/24 23:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/05/24 23:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013/05/24 23:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013/05/24 23:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013/05/24 22:56:05 | 001,398,856 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Daniel\Desktop\mbar.exe [2013/05/24 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\WindowsUpdate [2013/05/24 22:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/05/24 22:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013/05/24 22:21:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013/05/24 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013/05/24 20:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/05/24 20:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/05/24 20:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013/05/24 19:48:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2013/05/24 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/05/24 19:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/05/24 19:46:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/05/24 19:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/05/24 19:42:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Secunia PSI [2013/05/24 19:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013/05/24 19:24:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs [2013/05/24 18:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/05/24 17:56:36 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013/05/24 17:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013/05/24 17:56:35 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013/05/24 17:56:33 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013/05/24 17:56:33 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013/05/24 17:56:32 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013/05/24 17:56:27 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013/05/24 17:56:27 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013/05/24 17:55:14 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/05/24 17:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/05/24 17:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/25 10:41:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/25 10:40:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/25 10:39:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/25 10:39:11 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys [2013/05/25 10:37:22 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2013/05/25 10:23:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2013/05/25 10:21:48 | 000,050,477 | ---- | M] () -- C:\Users\Daniel\Desktop\Defogger.exe [2013/05/25 10:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/25 09:52:15 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/25 09:52:15 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/24 22:22:12 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/05/24 21:19:47 | 000,632,031 | ---- | M] () -- C:\Users\Daniel\Desktop\adwcleaner.exe [2013/05/24 20:47:44 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/05/24 20:33:22 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Daniel\Desktop\mbar.exe [2013/05/24 20:15:41 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/05/24 20:15:41 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/24 20:15:41 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/05/24 20:15:41 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/24 20:15:40 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/24 19:47:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/05/24 19:41:27 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/05/24 18:49:10 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013/05/24 17:56:36 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/05/24 17:56:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013/05/17 08:38:06 | 000,279,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/07 20:24:40 | 000,087,306 | ---- | M] () -- C:\Users\Daniel\Desktop\Reisepass_***_Daniel_Christoph.pdf [2013/05/07 20:23:50 | 000,110,767 | ---- | M] () -- C:\Users\Daniel\Desktop\Reisepass_***_Maria_Christine.pdf [2013/05/07 19:16:09 | 000,199,366 | ---- | M] () -- C:\Users\Daniel\Desktop\hotel_london.xps [2013/05/06 21:42:03 | 000,405,186 | ---- | M] () -- C:\Users\Daniel\Desktop\flug.xps [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/25 10:37:22 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2013/05/25 10:21:48 | 000,050,477 | ---- | C] () -- C:\Users\Daniel\Desktop\Defogger.exe [2013/05/24 22:22:12 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013/05/24 21:21:24 | 000,632,031 | ---- | C] () -- C:\Users\Daniel\Desktop\adwcleaner.exe [2013/05/24 20:47:43 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/05/24 19:53:28 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/24 19:47:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/05/24 19:41:27 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/05/24 19:41:27 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013/05/24 17:56:36 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/05/24 17:56:32 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013/05/24 17:56:31 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013/05/24 17:56:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013/05/07 20:24:40 | 000,087,306 | ---- | C] () -- C:\Users\Daniel\Desktop\Reisepass_***_Daniel_Christoph.pdf [2013/05/07 20:23:50 | 000,110,767 | ---- | C] () -- C:\Users\Daniel\Desktop\Reisepass_***_Maria_Christine.pdf [2013/05/07 19:16:08 | 000,199,366 | ---- | C] () -- C:\Users\Daniel\Desktop\hotel_london.xps [2013/05/06 21:42:01 | 000,405,186 | ---- | C] () -- C:\Users\Daniel\Desktop\flug.xps [2012/08/01 08:07:04 | 000,116,016 | ---- | C] () -- C:\Users\Daniel\jticket.pl [2012/07/08 18:28:51 | 000,656,031 | ---- | C] () -- C:\Users\Daniel\1105.5251v1.pdf [2012/06/01 21:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\d3-0-9858-Win-final.MPQ.lock [2012/05/30 09:28:13 | 003,912,006 | ---- | C] () -- C:\Users\Daniel\d3-0-9749-Win-final.MPQ [2011/10/18 00:38:11 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Local\{DA0B2F29-951B-40C3-81C5-B748C1AC0D93} [2011/08/04 10:21:18 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Local\{4DD2FF30-C246-4890-B025-21F33BB432DE} [2011/07/10 20:15:38 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Local\{8B31EA9A-5CB6-4508-8FE4-B7C1633C80DE} ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/04/01 21:39:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BullGuard [2012/06/27 18:42:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 5/25/2013 10:43:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
4.00 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.07% Memory free
8.00 Gb Paging File | 6.81 Gb Available in Paging File | 85.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1250.44 Gb Free Space | 91.53% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.34 Gb Free Space | 34.46% Space Free | Partition Type: NTFS
Drive I: | 7.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009B2D30-1430-47A5-97EE-81D9F50EE8BE}" = rport=445 | protocol=6 | dir=out | app=system |
"{093F15EA-3F01-4271-95AF-0CE3F49307B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0E72F403-F93A-4832-99FD-4964F801F699}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1730560A-E247-4CFA-B416-BE55100F1F9B}" = lport=139 | protocol=6 | dir=in | app=system |
"{1A417FE0-98F8-4A1D-B5CA-88E09A1E5E19}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2DCB16DB-613D-4E43-8260-C9BC13621CBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{394C2637-B5A2-44C5-A7F7-AEEF56376944}" = lport=445 | protocol=6 | dir=in | app=system |
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{655741A4-24A2-46C1-BB41-B64390791A28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{66AFBC5C-1425-4B07-8190-EF1E44FD2DB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6753F817-EF63-4328-B904-D297542D3C50}" = lport=137 | protocol=17 | dir=in | app=system |
"{68673CC7-9B0B-42BA-96C2-721C420073FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{921C383E-B096-4726-ADB6-F3BE57CDD6F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B92E5D15-E5DE-469F-A4A5-83D1DE92403C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0BA4763-B85A-43D5-8157-BDB8BE9B7EF2}" = rport=139 | protocol=6 | dir=out | app=system |
"{C47E15BE-BB76-48A6-8320-B3AF0E06F685}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1C56E5A-147B-49DE-A12A-01CB7F46CC8D}" = rport=138 | protocol=17 | dir=out | app=system |
"{DE2692A3-9066-4ABA-8502-682350A863D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EB020DB7-17F6-420A-9958-E75CA207A8CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB6712E1-3CA9-4ABE-8047-3AAE8D649035}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA27EBC4-D751-4E93-AD35-38465FAC3527}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FE5378A9-96A1-4A8C-93DC-2599FDC322A1}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{14975509-0EA5-4F31-B4EF-2590A632BB43}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{17585E5B-AC3C-46BA-A9DF-E98063540EEE}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{2462A265-31A4-45D4-AE73-91E2BB3881AE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{26C162A9-095E-4283-9420-8437FD74ADB9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{2B5DB32D-D9A9-40DB-86E1-5A2CAFDDED92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{317B69E0-5423-4969-8F7F-C2AE6E127C91}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{34897889-AC78-4266-85F2-CF674245E622}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3642FE38-F173-42EA-B018-A87B9C470552}" = protocol=6 | dir=out | app=system |
"{3CA7924E-5FD4-40E9-893B-51317C3E39CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{3EF00EB3-E859-47F8-8D66-FBDF373365F3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{40F94204-992A-4950-A683-8828347351C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47B5C6AD-6388-45F9-8955-2694D97D41A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BEC41C9-7A7A-4722-88E6-377CFF9860E5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{57A1596A-52F7-4AC6-B45D-8B0F675310EA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{59325048-4910-4EC8-A7EB-C1EAF19E534C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{62CBB8F1-B7CA-45ED-94AF-8AC84E15EA94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63DFAE9B-69C4-45C5-A2E6-0626D2C899F0}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{64DC3066-273B-474D-BE1B-B5B828A9AC4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{66440E76-7BBE-430A-9E95-71D3E2CC416B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{6DDD9D1A-9EA8-4AAB-9685-04DB6CBC287A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70BA8D82-2554-4356-BFED-95286B31A177}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{726B0CB7-543F-4C5F-AEDC-213528F61A9C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7FB70FBC-195B-4EB2-BA05-36D3C2A5D568}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{8FCDCAAE-6062-49B3-BF82-84A4CE334E62}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{9B0EBDA5-5446-4E58-AA4F-7DAD1E4F802A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C9E757D-BB22-4D9B-9034-166D7EADE876}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3BE6285-90A2-4215-9E8F-50F86EB97701}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B90E04BA-717D-40E1-AC91-277A630BC46B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BDDE69D7-2AED-42A8-BABC-3EEF3EBBC86C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3966ADF-7CB3-4C77-9141-C4E10A2F2A3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C65DC336-FBF4-4E0F-8D24-546AAAEA352C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB0A3114-CACE-4C80-8E07-F1F2A78E21C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E0550641-4C37-4A88-B271-099708E1CF29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E269D9DD-3929-4CB0-AE0C-670EC1704178}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{E7CFDCEF-71E6-4802-8522-D3CDE7079605}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EA6C50DC-5A5A-46D6-88B3-9B9110A1B6A8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F9A3C441-2875-4479-96D5-4250D15638C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FAF6F61C-42C2-4777-8820-2898EC970C17}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"TCP Query User{0E5F5EE6-17C7-4EDA-B099-35C177127B45}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{35D287FA-0187-40EE-AF0F-BD750CCF4ED4}C:\users\daniel\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\skype.exe |
"TCP Query User{3CCDED82-1053-4B6B-A804-D5BAE18149B4}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{455863B2-1EA3-489E-9ED0-E857A67A4A69}C:\users\daniel\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\skype.exe |
"TCP Query User{4A868702-0F43-4728-8FFF-2FE3F8BD6BDD}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{6CF48F80-5B8C-42BA-B3DC-BE062F90CACE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{8E35A632-8C7A-427F-9856-7A1A4C5C5E3C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{C2BF652F-32C2-493F-9962-28E4DECA335C}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{D6CD4253-5637-421F-A4F4-D21D9CE5FDDA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{EECF58C8-7738-4D24-BDB5-9A4B6E7B2C0F}C:\users\daniel\appdata\local\temp\pyl7c73.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\local\temp\pyl7c73.tmp\pyrun.exe |
"UDP Query User{13688A1D-3ADC-4303-8C23-C27C676143CF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{174024CA-72DA-46AC-A7B1-497A851A6EB1}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{4DC4C813-FA92-4F29-ABA8-10B23F69509C}C:\users\daniel\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\skype.exe |
"UDP Query User{552E83C0-2305-449A-BD35-5273E485A08D}C:\users\daniel\appdata\local\temp\pyl7c73.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\local\temp\pyl7c73.tmp\pyrun.exe |
"UDP Query User{7BAC0BE0-F8D7-4D70-8029-55C821DB0340}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{A3FCB606-5EAB-43B0-AA0A-99CBE0099127}C:\users\daniel\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\skype.exe |
"UDP Query User{CA779502-6CA9-4E71-8272-008A5E029AEA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{EB7DA628-2DE7-4A8C-B1AE-557A923EDF81}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{F96DEDDC-B2C4-4777-8361-3E6A3C40DE30}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{FAFF54FA-5F16-403D-889B-C6E4DBDB12FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{122C8DA5-1978-7BB6-6179-BE41806E8086}" = ccc-utility64
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5479F9EC-5D71-CB4F-7091-3BF696F82035}" = ATI Catalyst Install Manager
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"BullGuard" = BullGuard
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0482617D-DDC3-D703-2572-7D1E55FA24CB}" = Catalyst Control Center Graphics Previews Vista
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216BE2D3-5317-10C1-6F02-C4665CFB4507}" = CCC Help Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{256C2385-7E7D-8809-9D8C-020FC726A0CB}" = Catalyst Control Center InstallProxy
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{26E276AC-F6C2-883E-E665-E97C735AA0AA}" = CCC Help French
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31760C30-2C21-75D1-675E-3388AAC04068}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5380E159-9445-C146-ECBC-5DF6E97FAB85}" = CCC Help Swedish
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54F89819-7AF7-9A0A-1F45-2E19F0CA18A8}" = CCC Help Finnish
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{59F324A2-667C-EA14-0A8D-DC3794330056}" = CCC Help Danish
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C1EAF33-82AD-4A63-B56D-4739172714DF}" = Lords of the Realm III
"{7D14B7C4-10DA-173B-D073-DED305D55099}" = Catalyst Control Center Localization All
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{934331FE-E81E-B486-A049-382715BE7416}" = CCC Help German
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A850B824-9CE5-EEDE-D762-3C9518ABAC98}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA0F476C-CA5F-F382-67B2-F0085C1EBC6E}" = CCC Help Norwegian
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B765F43A-6189-61F7-5D8A-0B9E8A851193}" = CCC Help English
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2A3E12-3592-1A8B-D3B3-60E2C07C52C2}" = CCC Help Italian
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F354B79F-C895-AC25-EC8F-72DAFF960B83}" = CCC Help Spanish
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"avast" = avast! Free Antivirus
"Diablo III" = Diablo III
"HP-LaserJet 1020 series" = LaserJet 1020 series
"Indeo® software" = Indeo® software
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"pball6" = 3D Ultra Pinball Thrillride
"Secunia PSI" = Secunia PSI (3.0.0.7009)
"Warcraft III" = Warcraft III
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/24/2013 12:56:46 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
Zeitstempel: 0x515e30fe Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc00000fd Fehleroffset: 0x0003a6c7 ID des fehlerhaften
Prozesses: 0x15b8 Startzeit der fehlerhaften Anwendung: 0x01ce589fabc6b8d0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: eac2e5b7-c492-11e2-868e-6c626db75cd7
Error - 5/24/2013 12:56:52 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
Zeitstempel: 0x515e30fe Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002dede ID des fehlerhaften
Prozesses: 0xe38 Startzeit der fehlerhaften Anwendung: 0x01ce589fae65fcdd Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: ee54f61f-c492-11e2-868e-6c626db75cd7
Error - 5/24/2013 12:56:59 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
Zeitstempel: 0x515e30fe Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002e04e ID des fehlerhaften
Prozesses: 0xe24 Startzeit der fehlerhaften Anwendung: 0x01ce589fb22eccec Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: f26c5397-c492-11e2-868e-6c626db75cd7
Error - 5/24/2013 4:29:17 PM | Computer Name = Daniel-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 5/24/2013 4:29:30 PM | Computer Name = Daniel-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 5/24/2013 4:44:05 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
Zeitstempel: 0x515e30fe Name des fehlerhaften Moduls: AcroIEHelper.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x518a21c1 Ausnahmecode: 0xc0000005 Fehleroffset:
0x7244556c ID des fehlerhaften Prozesses: 0x1588 Startzeit der fehlerhaften Anwendung:
0x01ce58b8a2eabd07 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: AcroIEHelper.dll Berichtskennung:
ac4a2afb-c4b2-11e2-9d6c-6c626db75cd7
Error - 5/24/2013 5:21:15 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.210.11, Zeitstempel:
0x515d999d Name des fehlerhaften Moduls: deploy.dll, Version: 10.21.2.11, Zeitstempel:
0x515da3dd Ausnahmecode: 0xc0000409 Fehleroffset: 0x00000000000306b6 ID des fehlerhaften
Prozesses: 0x140c Startzeit der fehlerhaften Anwendung: 0x01ce58c476aacde4 Pfad der
fehlerhaften Anwendung: C:\Program Files\Java\jre7\bin\javaw.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Java\jre7\bin\deploy.dll Berichtskennung: dd8069e9-c4b7-11e2-9d6c-6c626db75cd7
Error - 5/24/2013 5:23:06 PM | Computer Name = Daniel-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16576 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 169c Startzeit: 01ce58c2e4e0c237 Endzeit: 15 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID:
Error - 5/24/2013 5:52:15 PM | Computer Name = Daniel-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 5/24/2013 5:54:36 PM | Computer Name = Daniel-PC | Source = MsiInstaller | ID = 11609
Description =
[ System Events ]
Error - 5/24/2013 4:02:17 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
Error - 5/24/2013 4:13:14 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
Error - 5/24/2013 4:56:39 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Silverlight (KB2814124)
Error - 5/24/2013 5:07:11 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
Error - 5/24/2013 5:09:45 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
Error - 5/24/2013 5:22:50 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
Error - 5/24/2013 5:25:08 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
Error - 5/24/2013 5:45:34 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
Error - 5/24/2013 6:36:11 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
Error - 5/24/2013 7:29:04 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
< End of report >
Beim scan mit GMER hat sich der Computer aufgehängt. Vielen Dank im Voraus und liebe Grüße, RuKe |
|
25.05.2013, 14:08
| #2 |
| /// Helfer-Team  | Österreichische Version vom Polizei Trojaner Scan mit Combofix
__________________ |
|
25.05.2013, 14:37
| #3 |
| | Österreichische Version vom Polizei Trojaner Hallo t'john,
__________________erstmal vielen Dank für die Antwort! combofix ist durchgelaufen, hier ist das log file: Code:
ATTFilter ComboFix 13-05-25.02 - Daniel 25.05.2013 15:15:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4095.2586 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Ir50_qc.1
c:\windows\SysWow64\Ir50_qcx.1
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-25 bis 2013-05-25 ))))))))))))))))))))))))))))))
.
.
2013-05-25 13:20 . 2013-05-25 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-25 10:33 . 2013-05-25 10:34 -------- d-----w- c:\users\dcl
2013-05-24 22:22 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-05-24 22:22 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-05-24 22:22 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-05-24 22:22 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-05-24 22:22 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-05-24 22:22 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-05-24 22:17 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-05-24 22:17 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-05-24 22:17 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-05-24 22:17 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-05-24 22:17 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-05-24 22:17 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-05-24 22:17 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-05-24 22:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-05-24 22:16 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-05-24 21:28 . 2013-05-24 21:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-24 21:27 . 2013-05-24 21:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-24 21:07 . 2013-05-24 21:07 -------- d-----w- c:\program files\Microsoft Silverlight
2013-05-24 21:07 . 2013-05-24 21:07 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-05-24 20:57 . 2013-05-24 20:55 311200 ----a-w- c:\windows\system32\javaws.exe
2013-05-24 20:57 . 2013-05-24 20:56 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-05-24 20:57 . 2013-05-24 20:55 188832 ----a-w- c:\windows\system32\javaw.exe
2013-05-24 20:57 . 2013-05-24 20:55 188320 ----a-w- c:\windows\system32\java.exe
2013-05-24 20:34 . 2013-05-24 20:34 -------- d-----w- c:\users\Daniel\AppData\Local\WindowsUpdate
2013-05-24 20:22 . 2013-05-24 20:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-24 20:21 . 2013-05-24 20:22 -------- d-----r- c:\program files (x86)\Skype
2013-05-24 20:21 . 2013-05-24 21:59 -------- d-----w- c:\programdata\Skype
2013-05-24 18:47 . 2013-05-24 18:47 -------- d-----w- c:\program files\CCleaner
2013-05-24 18:24 . 2013-05-24 20:55 1092512 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-24 18:24 . 2013-05-24 21:34 -------- d-----w- c:\program files\Java
2013-05-24 18:05 . 2013-05-24 18:05 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-24 17:53 . 2013-05-24 18:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-24 17:48 . 2013-05-24 17:48 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2013-05-24 17:47 . 2013-05-24 17:47 -------- d-----w- c:\programdata\Malwarebytes
2013-05-24 17:46 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-24 17:46 . 2013-05-24 17:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-24 17:42 . 2013-05-24 17:42 -------- d-----w- c:\users\Daniel\AppData\Local\Secunia PSI
2013-05-24 17:41 . 2013-05-24 17:41 -------- d-----w- c:\program files (x86)\Secunia
2013-05-24 17:24 . 2013-05-24 17:24 -------- d-----w- c:\users\Daniel\AppData\Local\Programs
2013-05-24 16:54 . 2013-05-24 21:25 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-24 16:53 . 2013-05-24 21:43 -------- d-----w- c:\program files (x86)\Java
2013-05-24 16:33 . 2013-05-13 23:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{505820C0-9681-4433-95A8-66B4A6A5EAFA}\mpengine.dll
2013-05-24 15:56 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-24 15:56 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-24 15:56 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-24 15:56 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-24 15:56 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-24 15:56 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-24 15:56 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-24 15:56 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-24 15:56 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-24 15:55 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-05-24 15:54 . 2013-05-24 15:54 -------- d-----w- c:\program files\AVAST Software
2013-05-24 15:53 . 2013-05-24 15:54 -------- d-----w- c:\programdata\AVAST Software
2013-05-15 19:32 . 2013-04-05 06:50 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-05-05 07:13 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-24 21:25 . 2010-07-07 16:34 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-24 20:55 . 2010-07-07 16:34 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-24 18:05 . 2011-12-29 19:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-17 06:38 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-03 14:15 . 2010-07-07 15:49 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 00:06 . 2010-07-07 15:48 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 13:55 . 2013-04-18 13:55 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys
2013-04-13 05:49 . 2013-05-15 17:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 17:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 17:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 17:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 17:02 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 17:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-21 14:15 . 2013-03-21 14:15 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-21 14:15 . 2013-03-21 14:15 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-21 14:15 . 2013-03-21 14:15 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-21 14:15 . 2013-03-21 14:15 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-21 14:15 . 2013-03-21 14:15 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-21 14:15 . 2013-03-21 14:15 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-21 14:15 . 2013-03-21 14:15 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-21 14:15 . 2013-03-21 14:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-21 14:15 . 2013-03-21 14:15 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-21 14:15 . 2013-03-21 14:15 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-21 14:15 . 2013-03-21 14:15 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-21 14:15 . 2013-03-21 14:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-21 14:15 . 2013-03-21 14:15 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-21 14:15 . 2013-03-21 14:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-21 14:15 . 2013-03-21 14:15 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-21 14:15 . 2013-03-21 14:15 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-21 14:15 . 2013-03-21 14:15 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-21 14:15 . 2013-03-21 14:15 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-21 14:15 . 2013-03-21 14:15 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-21 14:15 . 2013-03-21 14:15 441856 ----a-w- c:\windows\system32\html.iec
2013-03-21 14:15 . 2013-03-21 14:15 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-21 14:15 . 2013-03-21 14:15 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-21 14:15 . 2013-03-21 14:15 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-21 14:15 . 2013-03-21 14:15 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-21 14:15 . 2013-03-21 14:15 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-21 14:15 . 2013-03-21 14:15 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-21 14:15 . 2013-03-21 14:15 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-21 14:15 . 2013-03-21 14:15 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-21 14:15 . 2013-03-21 14:15 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-21 14:15 . 2013-03-21 14:15 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-21 14:15 . 2013-03-21 14:15 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-21 14:15 . 2013-03-21 14:15 235008 ----a-w- c:\windows\system32\url.dll
2013-03-21 14:15 . 2013-03-21 14:15 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-21 14:15 . 2013-03-21 14:15 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-21 14:15 . 2013-03-21 14:15 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-21 14:15 . 2013-03-21 14:15 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-21 14:15 . 2013-03-21 14:15 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-21 14:15 . 2013-03-21 14:15 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-21 14:15 . 2013-03-21 14:15 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-21 14:15 . 2013-03-21 14:15 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-21 14:15 . 2013-03-21 14:15 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-21 14:15 . 2013-03-21 14:15 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-21 14:15 . 2013-03-21 14:15 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-21 14:15 . 2013-03-21 14:15 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-21 14:15 . 2013-03-21 14:15 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-21 14:15 . 2013-03-21 14:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-21 14:15 . 2013-03-21 14:15 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-21 14:15 . 2013-03-21 14:15 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-21 14:15 . 2013-03-21 14:15 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-21 14:13 . 2013-03-21 14:13 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-21 14:13 . 2013-03-21 14:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-03-21 14:13 . 2013-03-21 14:13 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-03-21 14:13 . 2013-03-21 14:13 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-21 14:13 . 2013-03-21 14:13 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-21 14:13 . 2013-03-21 14:13 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-21 14:13 . 2013-03-21 14:13 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-21 14:13 . 2013-03-21 14:13 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-21 14:13 . 2013-03-21 14:13 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-21 14:13 . 2013-03-21 14:13 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-21 14:13 . 2013-03-21 14:13 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-21 14:13 . 2013-03-21 14:13 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-21 14:13 . 2013-03-21 14:13 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-21 14:13 . 2013-03-21 14:13 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-03-21 14:13 . 2013-03-21 14:13 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-03-21 14:13 . 2013-03-21 14:13 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-21 14:13 . 2013-03-21 14:13 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-03-21 14:13 . 2013-03-21 14:13 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-03-21 14:13 . 2013-03-21 14:13 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-21 14:13 . 2013-03-21 14:13 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-14 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 aswVmm;aswVmm; [x]
R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2010-08-19 157576]
R3 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
R3 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
R3 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
R3 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2010-08-19 339848]
R3 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2011-12-15 426328]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys [2013-04-18 18456]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2013-04-18 1227800]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2013-04-18 659992]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2010-10-12 61520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-11 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-06-14 38528]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-24 18:05]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 19:34]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-22 11490408]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aldi.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Sidebar - c:\program files\Windows Sidebar\sidebar.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-pball6 - c:\sierra\Thrillride\Uninst.isu
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-25 15:22:18
ComboFix-quarantined-files.txt 2013-05-25 13:22
.
Vor Suchlauf: 7 Verzeichnis(se), 1.340.597.153.792 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 1.341.005.070.336 Bytes frei
.
- - End Of File - - 8DB05684CF3EC3000A30D6DE591F0035
lg, RuKe |
|
25.05.2013, 18:08
| #4 |
| /// Helfer-Team | Österreichische Version vom Polizei Trojaner Nach einem neustart solle es wieder gehen. Sehr gut!  Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
25.05.2013, 20:55
| #5 |
| | Österreichische Version vom Polizei Trojaner Halo, alle Programme sind durchgelaufen, hier sind die log files: aswmbr: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-25 19:16:57
-----------------------------
19:16:57.839 OS Version: Windows x64 6.1.7601 Service Pack 1
19:16:57.839 Number of processors: 4 586 0x503
19:16:57.839 ComputerName: DANIEL-PC UserName: Daniel
19:17:00.210 Initialize success
19:17:00.273 AVAST engine defs: 13052500
19:17:15.467 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
19:17:15.483 Disk 0 Vendor: ST315005 CC34 Size: 1430799MB BusType: 11
19:17:15.545 Disk 0 MBR read successfully
19:17:15.561 Disk 0 MBR scan
19:17:15.561 Disk 0 unknown MBR code
19:17:15.576 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:17:15.592 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1398953 MB offset 206848
19:17:15.608 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 2865262592
19:17:15.623 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 2928177152
19:17:15.639 Disk 0 scanning C:\Windows\system32\drivers
19:17:25.436 Service scanning
19:17:38.711 Modules scanning
19:17:38.727 Disk 0 trace - called modules:
19:17:38.758 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:17:38.758 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800461b790]
19:17:38.758 3 CLASSPNP.SYS[fffff8800191c43f] -> nt!IofCallDriver -> [0xfffffa80044b3b80]
19:17:38.758 5 amd_xata.sys[fffff880010fa7a8] -> nt!IofCallDriver -> \Device\00000054[0xfffffa80044af9c0]
19:17:40.443 AVAST engine scan C:\Windows
19:17:44.717 AVAST engine scan C:\Windows\system32
19:19:59.018 AVAST engine scan C:\Windows\system32\drivers
19:20:10.624 AVAST engine scan C:\Users\Daniel
19:27:00.219 AVAST engine scan C:\ProgramData
19:29:41.304 Scan finished successfully
19:30:48.369 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
19:30:48.369 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=45e56ddd758f8a46a9311c2bcb01c336
# engine=13913
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-25 07:18:37
# local_time=2013-05-25 09:18:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 98539 146222989 0 0
# compatibility_mode=4609 16776574 40 50 45537924 102399225 0 0
# compatibility_mode=5893 16776574 100 94 38831 121139367 0 0
# scanned=166743
# found=0
# cleaned=0
# scan_time=5493
Code:
ATTFilter Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus BullGuard Antivirus Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.7009) Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 21 Adobe Flash Player 11.7.700.202 Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` lg, RuKe |
|
26.05.2013, 15:02
| #6 |
| /// Helfer-Team | Österreichische Version vom Polizei Trojaner Aktualisiere:
Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck Windows Repair Tool (AIO)
__________________ --> Österreichische Version vom Polizei Trojaner |
|
26.05.2013, 16:11
| #7 |
| | Österreichische Version vom Polizei Trojaner Hallo t'john, aufgrund DER Probleme mit meinem Explorer wars mir momentan nicht möglich den Adobe Reader herunterzuladen. Auch nach dem Windows repair tool läuft der Explorer noch nicht richtig. Hier ist der Plugincheck nach der Aktualisierung von Java: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Browser nicht erkannt Flash (11,7,700,202) ist aktuell. Java (1,7,0,21) ist aktuell. Adobe Reader ist nicht installiert oder aktiviert. Zurück und hier nach der Deaktivierung: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Browser nicht erkannt Flash (11,7,700,202) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader ist nicht installiert oder aktiviert. lg, RuKe edit: Ich habe es geschafft firefox herunterzuladen wegen der Probleme mit dem IE. hier ist der neue plugin check: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 21.0 ist aktuell Flash (11,7,700,202) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 11,0,3,37 ist aktuell. Geändert von RuKe (26.05.2013 um 16:28 Uhr) |
|
26.05.2013, 16:31
| #8 |
| /// Helfer-Team | Österreichische Version vom Polizei Trojaner Bitte mal ausfuehren: http://www.trojaner-board.de/72874-s...eparieren.html Danach: - neustarten - berichten |
|
26.05.2013, 17:14
| #9 |
| | Österreichische Version vom Polizei Trojaner Windows Systemintegritätsüberprüfung ist durchgelaufen und hat keine Integritätsverletzung gefunden. Das log file ist zu groß zum ahängen falls es benötigt wird. lg RuKe |
|
26.05.2013, 17:34
| #10 |
| /// Helfer-Team | Österreichische Version vom Polizei Trojaner Versuche mal Internet Explorer 10 zu installieren. |
|
26.05.2013, 18:28
| #11 |
| | Österreichische Version vom Polizei Trojaner Hallo, Der Internet Explorer funktioniert wieder einwandfrei! lg RuKe |
|
26.05.2013, 18:29
| #12 |
| /// Helfer-Team | Österreichische Version vom Polizei Trojaner Sehr gut! damit bist Du sauber und entlassen!  Tool-Bereinigung Die Reihenfolge ist hier entscheidend.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
26.05.2013, 19:00
| #13 |
| | Österreichische Version vom Polizei Trojaner Hallo t'john, vielen Dank für die Hilfe!!! Finde echt super was ihr hier macht. lg RuKe |
|
27.05.2013, 09:13
| #14 |
| /// Helfer-Team | Österreichische Version vom Polizei Trojaner wuensche eine virenfreie Zeit  |
|
| Themen zu Österreichische Version vom Polizei Trojaner |
| adobe, antivirus, aswrvrt.sys, battle.net, bho, defender, error, fehler, firefox, flash player, format, helper, home, homepage, iexplore.exe, install.exe, logfile, msiinstaller, ntdll.dll, plug-in, programm, realtek, registry, rundll, secunia psi, security, software, svchost.exe, system, teamspeak, trojan.fakealert.rgenx, trojaner, udp |
WARNUNG an die MITLESER: 
Linear-Darstellung
