
Log Analysis and Evaluation: Police Trojan (Polizei-Trojaner) Win7 x64


01.01.2013, 18:02   #1
simonwent
 
Police Trojan (Polizei-Trojaner) Win7 x64


Hello,

on 21.12.12 I downloaded a file as a keygen. After opening it, the already well-known Police Trojan appeared. I had no way to do anything except switch the notebook on and off. After starting in Safe Mode I was able to act again, and I ran the Malwarebytes scan according to the instructions for getting rid of the encryption trojan. I also noticed that some files on my desktop have different icons than before the trojan appeared and that clicking them starts the trojan. I have also carried out the steps for scanning my system (OTL, etc.).

Here are my log files from OTL and Extra:

Code:
OTL logfile created on: 01.01.2013 16:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: *** | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,63% Memory free
5,99 Gb Paging File | 4,66 Gb Available in Paging File | 77,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,95 Gb Total Space | 152,15 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,11 Gb Free Space | 51,08% Space Free | Partition Type: NTFS
Drive F: | 346,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: *** | User Name: ***  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.01 16:01:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.10.28 11:51:19 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.11 08:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.10.11 08:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.10.03 14:51:04 | 000,725,400 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.10.03 14:50:46 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe
PRC - [2011.01.28 06:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 11:37:54 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\ad81026776fce15ca95b5d24700f588f\System.ServiceProcess.ni.dll
MOD - [2012.11.15 11:37:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65cbb9191c505c1a4543971d8d9a29ef\System.Runtime.Remoting.ni.dll
MOD - [2012.11.15 03:43:22 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b693062263360f48e7f9a5307bdd49e\System.Xaml.ni.dll
MOD - [2012.11.15 03:25:24 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1283c31016c55e1417bea5be8a5aa6b7\PresentationFramework.ni.dll
MOD - [2012.11.15 03:25:02 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ef471959d0869308ddeb5899c30753c5\PresentationCore.ni.dll
MOD - [2012.11.15 03:24:45 | 003,880,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f2b33a0cacee1a8b16a1cb75e6b48ae3\WindowsBase.ni.dll
MOD - [2012.11.15 03:18:51 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ff7d2ccac9623b009cf0b310f44c14b3\System.Configuration.ni.dll
MOD - [2012.11.15 03:18:41 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3aa55846424ac3562c9c4719e356d5c2\System.Xml.ni.dll
MOD - [2012.11.15 03:18:26 | 007,053,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\984dd13b0ef822c9c79271b5c309b7a1\System.Core.ni.dll
MOD - [2012.11.15 03:18:15 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\551ff4adc88e19e4ff78ecdb39c4230b\System.ni.dll
MOD - [2012.11.15 03:18:07 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\031abbfbd476fdc0c392160b67f2c662\mscorlib.ni.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 17:34:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 21:18:27 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.03 14:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.31 15:02:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.06.27 14:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.15 09:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006.11.18 12:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006.11.17 16:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D B5 A2 07 C2 44 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: fbp%40fbpurity.com:8.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.10.14 11:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 21:18:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.08 21:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.12.14 14:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4y4aa8yq.default\extensions
[2012.12.14 14:07:12 | 000,062,582 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4y4aa8yq.default\extensions\fbp@fbpurity.com.xpi
[2012.12.05 21:18:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.05 21:18:29 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 09:31:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.26 15:10:30 | 000,000,861 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\PIVCAKE\PokerNotifier.exe File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [Softonic for Windows] C:\Users\***\AppData\Local\Softonic\Softonic.exe (Softonic)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C1245CC-BE44-4F8B-830F-327533698757}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E2DB968-2B98-4109-886E-96BDCDE040F6}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93230C87-ACF9-4489-A867-05A9D4C7D219}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = "H:\Adobe CS5\Set-up.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.01 16:01:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.12.22 21:58:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.12.22 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.22 21:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.22 21:57:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.22 21:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.20 17:16:28 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop\desk
[2012.12.14 14:33:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bulldog777 Poker
[2012.12.14 14:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bulldog777
[2012.12.14 14:23:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Muchos Poker
[2012.12.14 14:22:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps
[2012.12.14 14:22:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deployment
[2012.12.07 02:08:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SimpleTV V03
[2012.12.07 02:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleTV
[2012.12.07 02:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimpleTV
[2012.12.06 02:18:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\XBMC
[2012.12.06 02:16:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2012.12.06 02:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2012.12.06 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PotPlayerMini64
[2012.12.06 01:18:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Daum
[2012.12.06 01:18:16 | 000,000,000 | ---D | C] -- C:\Directx
[2012.12.06 01:09:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2012.12.06 01:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2012.12.06 01:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\DAUM
[2012.12.05 21:56:56 | 000,000,000 | ---D | C] -- C:\Users\***\Sleepy Hollow.1999.HDRip.x264.AAC[5.1]-VLiS
[2012.12.05 21:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.04 14:03:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\VideoPad Projects
[2012.12.04 13:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012.12.04 13:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012.12.04 13:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012.12.04 13:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012.12.04 13:00:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NCH Software
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.01 16:01:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.01 16:00:51 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.01 15:56:53 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.01 15:47:25 | 000,001,063 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.01 15:46:52 | 000,001,049 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2013.01.01 15:42:37 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.01 15:41:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.01 15:41:33 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 10:24:09 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 10:24:09 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.23 10:18:16 | 004,973,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.23 10:03:20 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.23 10:03:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.22 21:57:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 21:53:02 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.22 21:52:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.12.18 02:33:39 | 000,026,672 | ---- | M] () -- C:\Users\***\Desktop\michael-appelt_ich.jpg
[2012.12.17 23:39:24 | 000,022,642 | ---- | M] () -- C:\Users\***\Desktop\kata.jpg
[2012.12.17 23:25:30 | 000,078,842 | ---- | M] () -- C:\Users\***\Desktop\christmas.jpg
[2012.12.17 23:14:14 | 003,964,928 | ---- | M] () -- C:\Users\***\Desktop\Halloween Graz 31.10.2010  (29).JPG
[2012.12.17 23:14:01 | 004,030,464 | ---- | M] () -- C:\Users\***\Desktop\Immanuel Wohnung Simons Graz besuch 06.12.2010 (1).JPG
[2012.12.17 22:59:21 | 000,200,477 | ---- | M] () -- C:\Users\***\Desktop\pic.jpg
[2012.12.17 22:56:54 | 000,645,806 | ---- | M] () -- C:\Users\***\Desktop\IMG_20121212_174415.jpg
[2012.12.17 22:56:54 | 000,268,301 | ---- | M] () -- C:\Users\***\Desktop\IMG_20121217_225343.jpg
[2012.12.17 22:56:17 | 000,914,173 | ---- | M] () -- C:\Users\***\Desktop\anhaenge.zip
[2012.12.17 08:40:44 | 000,131,226 | ---- | M] () -- C:\Users\***\Desktop\bescheid stipendium phd.pdf
[2012.12.14 14:33:37 | 000,001,895 | ---- | M] () -- C:\Users\***\Desktop\Bulldog777 Poker.lnk
[2012.12.14 14:23:42 | 000,000,330 | ---- | M] () -- C:\Users\***\Desktop\Muchos App.appref-ms
[2012.12.13 16:23:25 | 002,344,501 | ---- | M] () -- C:\Users\***\Desktop\20121213_162303.jpg
[2012.12.11 22:26:19 | 000,248,813 | ---- | M] () -- C:\Users\***\Desktop\huntington.pdf
[2012.12.09 18:13:16 | 000,189,474 | ---- | M] () -- C:\Users\***\Desktop\OBL_Miet-Wohnung Jahnstraße IBK.pdf
[2012.12.08 01:04:31 | 000,001,037 | ---- | M] () -- C:\Users\***\Desktop\PotPlayer x64.lnk
[2012.12.07 02:08:20 | 000,000,971 | ---- | M] () -- C:\Users\***\Desktop\SimpleTV.lnk
[2012.12.06 13:24:56 | 000,004,934 | ---- | M] () -- C:\Users\***\Desktop\Studienblatt *** 2224 16.03.1987.pdf
[2012.12.06 03:25:07 | 000,000,248 | ---- | M] () -- C:\Users\***\.swfinfo
[2012.12.05 22:38:50 | 1311,572,829 | ---- | M] () -- C:\Users\***\Desktop\Sleepy Hollow.1999.HDRip.x264.AAC[5.1]-VLiS.mkv
[2012.12.05 03:32:23 | 002,322,432 | ---- | M] () -- C:\Users\***\Desktop\fm4_ombudsmann_121123_215445.mp3
[2012.12.04 13:04:30 | 000,001,134 | ---- | M] () -- C:\Users\***\Desktop\VideoPad Video Editor.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.01 16:00:51 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.01 15:56:51 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.12.22 21:57:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 21:53:02 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.18 02:33:35 | 000,026,672 | ---- | C] () -- C:\Users\***\Desktop\michael-appelt_ich.jpg
[2012.12.17 23:39:18 | 000,022,642 | ---- | C] () -- C:\Users\***\Desktop\kata.jpg
[2012.12.17 23:25:27 | 000,078,842 | ---- | C] () -- C:\Users\***\Desktop\christmas.jpg
[2012.12.17 23:12:34 | 003,964,928 | ---- | C] () -- C:\Users\***\Desktop\Halloween Graz 31.10.2010  (29).JPG
[2012.12.17 23:12:30 | 004,030,464 | ---- | C] () -- C:\Users\***\Desktop\Immanuel Wohnung Simons Graz besuch 06.12.2010 (1).JPG
[2012.12.17 22:59:18 | 000,200,477 | ---- | C] () -- C:\Users\***\Desktop\pic.jpg
[2012.12.17 22:56:38 | 000,268,301 | ---- | C] () -- C:\Users\***\Desktop\IMG_20121217_225343.jpg
[2012.12.17 22:56:35 | 000,645,806 | ---- | C] () -- C:\Users\***\Desktop\IMG_20121212_174415.jpg
[2012.12.17 22:56:12 | 000,914,173 | ---- | C] () -- C:\Users\***\Desktop\anhaenge.zip
[2012.12.17 08:40:44 | 000,131,226 | ---- | C] () -- C:\Users\***\Desktop\bescheid stipendium phd.pdf
[2012.12.14 14:33:37 | 000,001,895 | ---- | C] () -- C:\Users\***\Desktop\Bulldog777 Poker.lnk
[2012.12.14 14:23:42 | 000,000,330 | ---- | C] () -- C:\Users\***\Desktop\Muchos App.appref-ms
[2012.12.13 16:22:45 | 002,344,501 | ---- | C] () -- C:\Users\***\Desktop\20121213_162303.jpg
[2012.12.11 22:26:19 | 000,248,813 | ---- | C] () -- C:\Users\***\Desktop\huntington.pdf
[2012.12.09 18:13:16 | 000,189,474 | ---- | C] () -- C:\Users\***\Desktop\OBL_Miet-Wohnung Jahnstraße IBK.pdf
[2012.12.07 02:08:20 | 000,000,971 | ---- | C] () -- C:\Users\***\Desktop\SimpleTV.lnk
[2012.12.06 13:24:56 | 000,004,934 | ---- | C] () -- C:\Users\***\Desktop\Studienblatt *** 2224 16.03.1987.pdf
[2012.12.06 03:25:06 | 000,000,248 | ---- | C] () -- C:\Users\***\.swfinfo
[2012.12.06 01:09:10 | 000,001,037 | ---- | C] () -- C:\Users\***\Desktop\PotPlayer x64.lnk
[2012.12.05 21:56:56 | 1311,572,829 | ---- | C] () -- C:\Users\***\Desktop\Sleepy Hollow.1999.HDRip.x264.AAC[5.1]-VLiS.mkv
[2012.12.05 03:32:18 | 002,322,432 | ---- | C] () -- C:\Users\***\Desktop\fm4_ombudsmann_121123_215445.mp3
[2012.12.04 13:04:30 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
[2012.12.04 13:04:30 | 000,001,134 | ---- | C] () -- C:\Users\***\Desktop\VideoPad Video Editor.lnk
[2012.12.04 13:03:51 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
[2012.11.14 01:59:48 | 740,300,690 | ---- | C] () -- C:\Users\***\One Day in September (1999)[DVDRip (Xvid)] - LikeHerod
[2012.10.31 12:58:41 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.20 19:56:17 | 000,143,664 | ---- | C] () -- C:\Users\***\Faust.2011.DVDRip.AC3.HORiZON-ArtSubs.idx
[2012.10.20 19:55:12 | 013,398,016 | ---- | C] () -- C:\Users\***\Faust.2011.DVDRip.AC3.HORiZON-ArtSubs.sub
[2012.10.10 15:57:05 | 098,005,738 | ---- | C] () -- C:\Users\***\Photoshop_Portable_13.0.1_Multilingual.exe
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.30 00:24:16 | 000,007,632 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.06.28 14:13:20 | 001,642,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.07 15:26:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.27 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Awesomium
[2013.01.01 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.06.13 22:11:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EndNote
[2012.10.26 15:33:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Guitar Pro 6
[2012.06.29 10:09:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data
[2012.12.20 12:18:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HoldemManager
[2012.07.27 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MuchosPoker
[2012.07.27 13:29:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MuchosPoker CustomAvatars
[2012.06.28 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.07.27 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PacificPoker
[2012.10.23 18:48:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.12.06 01:18:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PotPlayerMini64
[2012.12.05 02:14:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\qs
[2012.10.19 18:58:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.12.09 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SimpleTV V03
[2012.12.19 21:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.09.04 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.06.11 13:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thinstall
[2012.12.04 23:53:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle
[2013.01.01 15:43:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2012.12.09 13:51:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\PIVCAKE:MID
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:DBC416F8

< End of report >

Code:
OTL Extras logfile created on: 01.01.2013 16:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,63% Memory free
5,99 Gb Paging File | 4,66 Gb Available in Paging File | 77,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,95 Gb Total Space | 152,15 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,11 Gb Free Space | 51,08% Space Free | Partition Type: NTFS
Drive F: | 346,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: KATARINADANZL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E9A549-9DBB-4221-8567-6DBB4D3CDB2C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{08B60C1A-C420-49F4-B18B-D3DA61583749}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0EE239A5-501D-4176-B89D-BFD946D184E3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1F80C0EE-84F8-41E7-919B-5479327C243F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2CA756A2-2ACC-4FC3-BD0A-2054B7B301BF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{327441CD-3A2D-40A8-869E-F0CFFC323A0B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{524E56C4-E657-4BC6-A2BA-DE41D8B76C5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{556817AD-2472-4D1A-A6E8-8BD2D43088D1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{597E3C2A-188B-4032-A31D-90F226F240B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{67D33803-4F48-4827-922F-2395991AA98E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6DABB089-8DD3-4FDD-8A09-F7BA66F9D505}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6DCE0757-676D-4395-8BDE-B950F1E0DF14}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{71C235AB-1B96-4856-A37B-87586234C184}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7E948BA9-593C-4F4E-A16E-50AFC68496F8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{86873774-AE6F-4706-BF19-76D0AADE03D2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A159E066-C4E7-473E-BFA4-DFE3CB77F980}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A7F124D2-5C9D-4168-B392-6D6A92946B27}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A9DC1C29-9E06-4D61-916D-EBA20CA68E5C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B35C8754-1657-4CD7-9741-D08CA1FBF947}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B68C4B7C-4CF6-44FF-89BD-3D55716B0AC2}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{B9A57943-DA08-44CA-A258-B539DF25A1BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF61045C-F8BA-45F2-967A-5413C0336888}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BFDD84BF-0A2B-4A4C-8982-049A936CE8F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEA33D91-E38B-4B3A-8E75-52789DFBA08B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D9024943-EA54-4A02-8452-5B1C658668C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCF743F4-37F7-49C3-9BBF-824F34BA1B8D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E88A80C0-0803-47A6-BCF2-2D895A0B6758}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB854A2F-3689-4917-9BDF-4ADB36B2BB41}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F065A37C-7B45-4DDF-BFE1-D729E8E1687D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F1908198-1EF2-467A-B970-16BF32FD65D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F2C32ED6-D9F9-4480-A274-D03CAE45427B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F9355D75-6FDA-41CB-86EF-8B5275DAECF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D12519D-AEB8-4E0A-99FF-530EB0B7AF3E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{0F028E0E-07FF-4C07-BD0F-6F178178194A}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{0F923008-7AFF-451E-90FE-4821A2766D00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19E5FAD5-61AD-46E1-822E-CCC67EA7AC9A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{21230C08-8608-42FC-B485-434AE4B377A9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2A0638A6-64F0-469B-A08E-F3038DB144FD}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"{2CCE2888-2234-4CF2-A75F-F4134445CC57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{39DA5A54-297A-40B8-A83B-C84BF199BBEA}" = protocol=6 | dir=in | app=c:\program files (x86)\pivcake\pokerclient.exe | 
"{3B389782-11FB-45AC-AAD1-8AFD6B323C39}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3B7B7022-357D-47C0-994F-8D5D24F69AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4AA1E57A-5348-45C4-89AD-731967C15A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{4E6E582D-12A8-4D5D-AE64-97CD528E98E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{4F34504F-278F-40A9-A68D-AA4390FEC56B}" = protocol=6 | dir=out | app=system | 
"{53920B08-77F0-4E5C-9733-9519485D1DFD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{557056A3-8DFE-49B3-AC2C-15A5468A6115}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5661C852-50F6-4066-833A-28B9F837FB6A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{61236DB2-3E5A-4FA9-942C-9E7A7BB070A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68D90DF0-A48F-488A-AE3B-F62574907F20}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{69DE971F-0C21-42C6-A430-B7CFFCEBF428}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C72E7D2-9AC0-4E23-951E-78578E8B90E0}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{75FDD1C0-556E-4307-AB8D-A1DCFDABEDBE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{761499BD-53D1-4CDB-AD74-6C6478AF0917}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CACBADD-BBD5-48B8-9A94-EC1AE72800C9}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"{7FF321FC-D061-4373-A93B-C0EA3DAB1BDE}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{8295C9E7-3299-4FFE-BA97-13663DB2371F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{82A9F249-522A-49D2-B152-F2BB679CF6BD}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{86CA7580-E349-42BA-80FF-07F0816A3DD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E7D5830-9C90-4EF9-8495-111D54C615D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{973BABF3-F785-4482-9AB4-123AF015A503}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{9938DC1E-A40F-430D-99C5-AAF7CB229035}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{9BB21040-EB21-4171-B236-6D2EA86260B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9EF6766D-D60A-4C97-A14C-666ABFED031B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AC5100AC-27E1-4F38-AED4-0A823B42A4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{AECC592C-5F61-4BB7-B634-3425197EDA06}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B05C3B18-91ED-40DD-A41F-F389DFB5022F}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{B61A9D8F-4073-421E-BC18-AD47FC126C00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA425591-5323-4868-AE81-A4A2D50DF1E0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{BC6BD544-7857-45D3-8F03-14CF6F725563}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{CD840D82-4A40-46F1-A67C-5873AB2E28A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D36287E0-8978-4BB3-A73A-26D88E5FFD23}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D549BF00-5645-4C8F-8ED1-34820096732A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E1F8D276-789B-49C9-A72C-0DAD48EB1AAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E5DA8F9F-A614-43B0-9DDF-A40B9AD684B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F518E1C9-0E28-4D0D-9547-6FDFACD3423D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F6C2772E-9CB4-4DF2-8D97-937662B7BFBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F8D89918-B2A6-4153-A51B-357EAD0874D1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{FB60BE00-3573-4C22-85FD-45E8C7A5BA34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FC0F9507-F22F-455C-B605-2D4AC3294413}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FCB82FF8-27B0-4A22-9C91-3FE9DC8EBF46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FD6C7A38-9972-4CEB-93AB-EC280904FDDD}" = protocol=17 | dir=in | app=c:\program files (x86)\pivcake\pokerclient.exe | 
"{FE09656A-397C-4ED7-8151-29DCB3D59EA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{06E5DE35-F006-4A36-8160-8BCFDA12C6B3}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{31C5A768-958C-4B0A-B640-A4A5A63215D2}C:\program files (x86)\simpletv\tv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\simpletv\tv.exe | 
"TCP Query User{38B1DD00-6B39-4A8F-9C6B-8D8552F63476}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{4CF2C00E-0250-48EE-8246-ECBCCF0805B0}C:\users\***\desktop\dein zeugs\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\katarina danzl\desktop\dein zeugs\aoe2\age2_x1.exe | 
"TCP Query User{54FEB82D-0F82-4075-B69B-3133ED1F4DB6}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{5F7A16A2-BF80-4BB1-8AA5-92F611F874F1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{62597305-4511-4122-B2EC-15D91112C5CA}C:\users\***\desktop\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\aoe2\age2_x1.exe | 
"TCP Query User{729A5A2B-E346-4F0A-9AA0-3D629FBD86EA}C:\users\***\desktop\aoe2\empires2.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\aoe2\empires2.exe | 
"TCP Query User{797A8E92-8B05-4D49-BBB3-8805B932A329}C:\program files (x86)\piventr\pokerclient\piventr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\piventr\pokerclient\piventr.exe | 
"TCP Query User{801F5B70-13D3-4516-857C-F4CA0E963348}C:\program files (x86)\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"TCP Query User{922CE243-FBC9-47D3-B01D-724DC522EF4D}C:\users\***\desktop\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\blobby\volley.exe | 
"TCP Query User{A014FD58-35EE-462B-B1B7-03472F3FBE56}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{A543A469-7786-4A90-BAD4-BBFD0A01E4F3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{BEF33199-A102-4F20-93B8-554EE7EF9C49}C:\users\***\desktop\dein zeugs\aoe2-the conquers\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2-the conquers\age2_x1.exe | 
"TCP Query User{F05C1FD6-408E-4C67-845B-E9E490A4B076}C:\users\***\desktop\dein zeugs\aoe2\aoc.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2\aoc.exe | 
"UDP Query User{17E3B0A7-1F13-43E5-922C-85E70C4E1E92}C:\program files (x86)\piventr\pokerclient\piventr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\piventr\pokerclient\piventr.exe | 
"UDP Query User{1B3A9F1D-B530-452E-8B44-7E165E79B6F1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{1F26F8DB-F12E-4725-86BC-3B1750296282}C:\program files (x86)\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xbmc\xbmc.exe | 
"UDP Query User{22513F61-23F3-4B03-AC0F-3643FE0F43FA}C:\users\***\desktop\dein zeugs\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2\age2_x1.exe | 
"UDP Query User{261092F6-80E8-4178-8EEC-D31F379050AB}C:\users\***\desktop\aoe2\empires2.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\aoe2\empires2.exe | 
"UDP Query User{30E14875-289C-4B75-909C-A263811480F0}C:\program files (x86)\simpletv\tv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\simpletv\tv.exe | 
"UDP Query User{311226CA-C3A6-4524-B0D6-C08296AEB613}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{3F709602-6D0D-4E7D-AFB1-83F6866E5E2A}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{4B30718B-D38C-493A-A752-2E63CE704329}C:\users\***\desktop\dein zeugs\aoe2\aoc.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2\aoc.exe | 
"UDP Query User{5A89B675-0EF9-47DF-8D15-9DFFA5519107}C:\users\***\desktop\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\aoe2\age2_x1.exe | 
"UDP Query User{736426FC-991D-4A50-8A58-3E631AC2311C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{CA56622B-CA33-4F07-A9FD-DCDA4ACB0A26}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{E390931F-9469-4AC8-B4DA-A9260876C20E}C:\users\***\desktop\dein zeugs\aoe2-the conquers\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\dein zeugs\aoe2-the conquers\age2_x1.exe | 
"UDP Query User{E58EF513-1E26-4636-935C-33F2B7BE776C}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{FEA28888-F9D2-4157-AF79-6B5C22030031}C:\users\***\desktop\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\blobby\volley.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{ED7FE81C-378C-411D-B5B4-509B978BA204}" = UltraMon
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PotPlayer64" = Daum PotPlayer 1.5.34665 x64 Edition
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{290A2821-B1F8-4566-B49A-25F349A5B5CB}_is1" = SimpleTV 0.4.7 b2
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{60A86035-3EAD-401C-8C8F-5CB46977320F}" = QuickSnooker
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"1180-6883-2514-0226-pokerinvenice-PROD" = PivEntr
"5513-1208-7298-9440" = JDownloader 0.9
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Capture Software
"GraphPad Prism_is1" = GraphPad Prism 4
"HoldemManager2" = Holdem Manager 2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PIVCAKE" = PIVCAKE
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"PowerISO" = PowerISO
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"TeamViewer 7" = TeamViewer 7
"Titan Poker" = Titan Poker
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bulldog777 Poker" = Bulldog777 Poker
"d114aea568955389" = Muchos App
"Dropbox" = Dropbox
"MuchosPokerCustomAvatars_298_12" = MuchosPoker CustomAvatars
"PivMerge" = PivMerge
"Spotify" = Spotify
"XBMC" = XBMC
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2012 05:03:01 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.12.2012 05:03:01 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15105015
 
Error - 23.12.2012 05:03:01 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15105015
 
Error - 23.12.2012 05:03:02 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.12.2012 05:03:02 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15106029
 
Error - 23.12.2012 05:03:02 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15106029
 
Error - 23.12.2012 05:03:03 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.12.2012 05:03:03 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15107028
 
Error - 23.12.2012 05:03:03 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15107028
 
Error - 23.12.2012 05:17:58 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 2012-12-23 10:17:58 CETFATAL:  the database system is starting up 
 
Error - 01.01.2013 10:42:16 | Computer Name = *** | Source = PostgreSQL | ID = 0
Description = 2013-01-01 15:42:16 CETFATAL:  the database system is starting up 
 
[ System Events ]
Error - 22.12.2012 16:48:25 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 16:48:25 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.12.2012 16:52:09 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 22.12.2012 16:52:09 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.12.2012 00:51:03 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.12.2012 05:02:55 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.12.2012 05:17:14 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 23.12.2012 05:17:14 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.01.2013 10:41:39 | Computer Name = *** | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 01.01.2013 10:41:39 | Computer Name = *** | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

Malwarebytes Anti-Malware log file:

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.22.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

22.12.2012 22:01:21
mbam-log-2012-12-23 (10-04-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 500033
Laufzeit: 1 Stunde(n), 38 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
C:\recovery2\IMG_5798.JPG (Extension.Mismatch) -> Keine Aktion durchgeführt.
C:\recovery2\IMG_6518.JPG (Extension.Mismatch) -> Keine Aktion durchgeführt.
C:\Users\***\0.561871096702322.exe (Trojan.Ransom) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-5cbbde60 (Trojan.Reveton) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\dein zeugs\aoe2\age2_x1.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\dein zeugs\Aoe2-The Conquers\age2_x1.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\***\Desktop\PhotoshopPortable\App\PhotoshopCS6\amtlib.dll (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
C:\Users\***\Downloads\download.exe (Adware.Dropper) -> Keine Aktion durchgeführt.
C:\Users\***\Downloads\Keygen\Keygen\keygen.exe (Malware.Packer.Gen) -> Keine Aktion durchgeführt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)


Thanks for your help!

Regards, simonwent

01.01.2013, 18:26   #2
ryder
/// TB trainer

Quote:
downloaded a file as a keygen.
And that is exactly why you should not do such things, and certainly not run them.


Support stop: cracks or keygens
Quote:
Reading material:
Cracks and keygens
Circumventing the copy protection of software is illegal under applicable law. The log files strongly indicate that you are using cracks or key generators or circumventing the copy protection of installed programs. Please understand that we cannot and may not support this. Our help is therefore limited to reinstalling your system from scratch. We will, however, still be happy to answer your questions about that.
That closes this thread.