
Pests of All Kinds and How to Fight Them: Austrian Version of the Police Trojan


25.05.2013, 11:53   #1
RuKe
 
Austrian version of the police trojan



Hello Trojaner-Board team,

we caught the police trojan yesterday. I got the system running again with a restore. I have also (hopefully not a mistake) already run Malwarebytes Anti-Malware 1.75.0.1300 (www.malwarebytes.org).

Log File:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Daniel :: DANIEL-PC [Administrator]

24.05.2013 19:49:29
mbam-log-2013-05-24 (19-49-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214324
Laufzeit: 14 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Daniel\AppData\Roaming\skype.dat (Trojan.FakeAlert.RGenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniel\AppData\Local\Temp\jmciion (Trojan.FakeAlert.RGenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
as well as Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (www.malwarebytes.org).

log File:
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Daniel :: DANIEL-PC [administrator]

24.05.2013 21:20:31
mbar-log-2013-05-24 (21-20-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29667
Time elapsed: 45 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|JAVA (Backdoor.Bot) -> Data: C:\Windows\java.vbs -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\java.vbs (Backdoor.Bot) -> Delete on reboot.

(end)
         
I ran DeFogger and performed the OTL scan:

OTL.txt:
Code:
OTL logfile created on: 5/25/2013 10:43:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.07% Memory free
8.00 Gb Paging File | 6.81 Gb Available in Paging File | 85.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1250.44 Gb Free Space | 91.53% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.34 Gb Free Space | 34.46% Space Free | Partition Type: NTFS
Drive I: | 7.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/25 10:23:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2013/04/18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/12/15 19:53:12 | 000,426,328 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2010/11/11 04:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/14 15:28:14 | 000,233,864 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV:64bit: - [2010/08/19 12:49:56 | 000,157,576 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc)
SRV:64bit: - [2010/08/19 12:49:50 | 000,339,848 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2010/08/19 12:49:50 | 000,243,592 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2010/08/19 12:49:48 | 000,353,160 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV:64bit: - [2010/08/19 12:49:48 | 000,073,096 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/05/24 20:05:43 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013/04/18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/18 15:55:50 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/19 20:34:00 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 20:34:00 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/11 06:23:44 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/11 04:16:24 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/12 12:05:16 | 000,061,520 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2010/09/24 14:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/17 11:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/06/14 11:41:10 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/05/15 00:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 00:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0F5883D0-AF72-4C43-976D-3C162BE559AC}
IE - HKCU\..\SearchScopes\{0F5883D0-AF72-4C43-976D-3C162BE559AC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393AT427
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\ [2010/12/03 22:21:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2010/12/03 22:21:33 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC4AE18-1088-4A4E-A5C3-01A88EF86339}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/03 00:07:14 | 000,000,058 | -H-- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{24574977-5ce1-11e0-b47b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{24574977-5ce1-11e0-b47b-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\Diablo III Setup.exe"
O33 - MountPoints2\{323a901a-a436-11e2-9872-6c626db75cd7}\Shell - "" = AutoRun
O33 - MountPoints2\{323a901a-a436-11e2-9872-6c626db75cd7}\Shell\AutoRun\command - "" = E:\OpenFiles.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\OpenFiles.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/25 10:23:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2013/05/24 23:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/24 23:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/05/24 23:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/05/24 23:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/05/24 22:56:05 | 001,398,856 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Daniel\Desktop\mbar.exe
[2013/05/24 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\WindowsUpdate
[2013/05/24 22:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/05/24 22:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/05/24 22:21:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/05/24 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/24 20:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/24 20:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/05/24 20:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/05/24 19:48:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2013/05/24 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/24 19:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/24 19:46:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/24 19:46:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/24 19:42:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Secunia PSI
[2013/05/24 19:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013/05/24 19:24:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs
[2013/05/24 18:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/05/24 17:56:36 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/24 17:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/24 17:56:35 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/24 17:56:33 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/24 17:56:33 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/24 17:56:32 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/24 17:56:27 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/05/24 17:56:27 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/24 17:55:14 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/24 17:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/05/24 17:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/25 10:41:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/25 10:40:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/25 10:39:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/25 10:39:11 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 10:37:22 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\defogger_reenable
[2013/05/25 10:23:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2013/05/25 10:21:48 | 000,050,477 | ---- | M] () -- C:\Users\Daniel\Desktop\Defogger.exe
[2013/05/25 10:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/25 09:52:15 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 09:52:15 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/24 22:22:12 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/24 21:19:47 | 000,632,031 | ---- | M] () -- C:\Users\Daniel\Desktop\adwcleaner.exe
[2013/05/24 20:47:44 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/24 20:33:22 | 001,398,856 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Daniel\Desktop\mbar.exe
[2013/05/24 20:15:41 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/24 20:15:41 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/24 20:15:41 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/24 20:15:41 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/24 20:15:40 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/24 19:47:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/05/24 19:41:27 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/05/24 18:49:10 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/05/24 17:56:36 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/24 17:56:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/05/17 08:38:06 | 000,279,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/07 20:24:40 | 000,087,306 | ---- | M] () -- C:\Users\Daniel\Desktop\Reisepass_***_Daniel_Christoph.pdf
[2013/05/07 20:23:50 | 000,110,767 | ---- | M] () -- C:\Users\Daniel\Desktop\Reisepass_***_Maria_Christine.pdf
[2013/05/07 19:16:09 | 000,199,366 | ---- | M] () -- C:\Users\Daniel\Desktop\hotel_london.xps
[2013/05/06 21:42:03 | 000,405,186 | ---- | M] () -- C:\Users\Daniel\Desktop\flug.xps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/25 10:37:22 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\defogger_reenable
[2013/05/25 10:21:48 | 000,050,477 | ---- | C] () -- C:\Users\Daniel\Desktop\Defogger.exe
[2013/05/24 22:22:12 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/05/24 21:21:24 | 000,632,031 | ---- | C] () -- C:\Users\Daniel\Desktop\adwcleaner.exe
[2013/05/24 20:47:43 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/05/24 19:53:28 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/24 19:47:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/05/24 19:41:27 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013/05/24 19:41:27 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/05/24 17:56:36 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/24 17:56:32 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/24 17:56:31 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/24 17:56:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/05/07 20:24:40 | 000,087,306 | ---- | C] () -- C:\Users\Daniel\Desktop\Reisepass_***_Daniel_Christoph.pdf
[2013/05/07 20:23:50 | 000,110,767 | ---- | C] () -- C:\Users\Daniel\Desktop\Reisepass_***_Maria_Christine.pdf
[2013/05/07 19:16:08 | 000,199,366 | ---- | C] () -- C:\Users\Daniel\Desktop\hotel_london.xps
[2013/05/06 21:42:01 | 000,405,186 | ---- | C] () -- C:\Users\Daniel\Desktop\flug.xps
[2012/08/01 08:07:04 | 000,116,016 | ---- | C] () -- C:\Users\Daniel\jticket.pl
[2012/07/08 18:28:51 | 000,656,031 | ---- | C] () -- C:\Users\Daniel\1105.5251v1.pdf
[2012/06/01 21:31:04 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\d3-0-9858-Win-final.MPQ.lock
[2012/05/30 09:28:13 | 003,912,006 | ---- | C] () -- C:\Users\Daniel\d3-0-9749-Win-final.MPQ
[2011/10/18 00:38:11 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Local\{DA0B2F29-951B-40C3-81C5-B748C1AC0D93}
[2011/08/04 10:21:18 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Local\{4DD2FF30-C246-4890-B025-21F33BB432DE}
[2011/07/10 20:15:38 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Local\{8B31EA9A-5CB6-4508-8FE4-B7C1633C80DE}
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/04/01 21:39:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BullGuard
[2012/06/27 18:42:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt:
Code:
OTL Extras logfile created on: 5/25/2013 10:43:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 74.07% Memory free
8.00 Gb Paging File | 6.81 Gb Available in Paging File | 85.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1250.44 Gb Free Space | 91.53% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.34 Gb Free Space | 34.46% Space Free | Partition Type: NTFS
Drive I: | 7.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009B2D30-1430-47A5-97EE-81D9F50EE8BE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{093F15EA-3F01-4271-95AF-0CE3F49307B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0E72F403-F93A-4832-99FD-4964F801F699}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1730560A-E247-4CFA-B416-BE55100F1F9B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1A417FE0-98F8-4A1D-B5CA-88E09A1E5E19}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2DCB16DB-613D-4E43-8260-C9BC13621CBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{394C2637-B5A2-44C5-A7F7-AEEF56376944}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{655741A4-24A2-46C1-BB41-B64390791A28}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{66AFBC5C-1425-4B07-8190-EF1E44FD2DB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6753F817-EF63-4328-B904-D297542D3C50}" = lport=137 | protocol=17 | dir=in | app=system | 
"{68673CC7-9B0B-42BA-96C2-721C420073FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{921C383E-B096-4726-ADB6-F3BE57CDD6F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B92E5D15-E5DE-469F-A4A5-83D1DE92403C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0BA4763-B85A-43D5-8157-BDB8BE9B7EF2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C47E15BE-BB76-48A6-8320-B3AF0E06F685}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D1C56E5A-147B-49DE-A12A-01CB7F46CC8D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DE2692A3-9066-4ABA-8502-682350A863D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EB020DB7-17F6-420A-9958-E75CA207A8CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EB6712E1-3CA9-4ABE-8047-3AAE8D649035}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FA27EBC4-D751-4E93-AD35-38465FAC3527}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FE5378A9-96A1-4A8C-93DC-2599FDC322A1}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{14975509-0EA5-4F31-B4EF-2590A632BB43}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{17585E5B-AC3C-46BA-A9DF-E98063540EEE}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{2462A265-31A4-45D4-AE73-91E2BB3881AE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{26C162A9-095E-4283-9420-8437FD74ADB9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{2B5DB32D-D9A9-40DB-86E1-5A2CAFDDED92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{317B69E0-5423-4969-8F7F-C2AE6E127C91}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{34897889-AC78-4266-85F2-CF674245E622}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3642FE38-F173-42EA-B018-A87B9C470552}" = protocol=6 | dir=out | app=system | 
"{3CA7924E-5FD4-40E9-893B-51317C3E39CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{3EF00EB3-E859-47F8-8D66-FBDF373365F3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{40F94204-992A-4950-A683-8828347351C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{47B5C6AD-6388-45F9-8955-2694D97D41A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BEC41C9-7A7A-4722-88E6-377CFF9860E5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{57A1596A-52F7-4AC6-B45D-8B0F675310EA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{59325048-4910-4EC8-A7EB-C1EAF19E534C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{62CBB8F1-B7CA-45ED-94AF-8AC84E15EA94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63DFAE9B-69C4-45C5-A2E6-0626D2C899F0}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{64DC3066-273B-474D-BE1B-B5B828A9AC4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{66440E76-7BBE-430A-9E95-71D3E2CC416B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{6DDD9D1A-9EA8-4AAB-9685-04DB6CBC287A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{70BA8D82-2554-4356-BFED-95286B31A177}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{726B0CB7-543F-4C5F-AEDC-213528F61A9C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7FB70FBC-195B-4EB2-BA05-36D3C2A5D568}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{8FCDCAAE-6062-49B3-BF82-84A4CE334E62}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{9B0EBDA5-5446-4E58-AA4F-7DAD1E4F802A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C9E757D-BB22-4D9B-9034-166D7EADE876}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3BE6285-90A2-4215-9E8F-50F86EB97701}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B90E04BA-717D-40E1-AC91-277A630BC46B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BDDE69D7-2AED-42A8-BABC-3EEF3EBBC86C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C3966ADF-7CB3-4C77-9141-C4E10A2F2A3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C65DC336-FBF4-4E0F-8D24-546AAAEA352C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB0A3114-CACE-4C80-8E07-F1F2A78E21C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E0550641-4C37-4A88-B271-099708E1CF29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E269D9DD-3929-4CB0-AE0C-670EC1704178}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{E7CFDCEF-71E6-4802-8522-D3CDE7079605}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EA6C50DC-5A5A-46D6-88B3-9B9110A1B6A8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{F9A3C441-2875-4479-96D5-4250D15638C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FAF6F61C-42C2-4777-8820-2898EC970C17}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{0E5F5EE6-17C7-4EDA-B099-35C177127B45}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{35D287FA-0187-40EE-AF0F-BD750CCF4ED4}C:\users\daniel\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\skype.exe | 
"TCP Query User{3CCDED82-1053-4B6B-A804-D5BAE18149B4}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{455863B2-1EA3-489E-9ED0-E857A67A4A69}C:\users\daniel\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\daniel\desktop\skype.exe | 
"TCP Query User{4A868702-0F43-4728-8FFF-2FE3F8BD6BDD}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{6CF48F80-5B8C-42BA-B3DC-BE062F90CACE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{8E35A632-8C7A-427F-9856-7A1A4C5C5E3C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{C2BF652F-32C2-493F-9962-28E4DECA335C}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{D6CD4253-5637-421F-A4F4-D21D9CE5FDDA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{EECF58C8-7738-4D24-BDB5-9A4B6E7B2C0F}C:\users\daniel\appdata\local\temp\pyl7c73.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\local\temp\pyl7c73.tmp\pyrun.exe | 
"UDP Query User{13688A1D-3ADC-4303-8C23-C27C676143CF}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{174024CA-72DA-46AC-A7B1-497A851A6EB1}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{4DC4C813-FA92-4F29-ABA8-10B23F69509C}C:\users\daniel\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\skype.exe | 
"UDP Query User{552E83C0-2305-449A-BD35-5273E485A08D}C:\users\daniel\appdata\local\temp\pyl7c73.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\local\temp\pyl7c73.tmp\pyrun.exe | 
"UDP Query User{7BAC0BE0-F8D7-4D70-8029-55C821DB0340}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{A3FCB606-5EAB-43B0-AA0A-99CBE0099127}C:\users\daniel\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\daniel\desktop\skype.exe | 
"UDP Query User{CA779502-6CA9-4E71-8272-008A5E029AEA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{EB7DA628-2DE7-4A8C-B1AE-557A923EDF81}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{F96DEDDC-B2C4-4777-8361-3E6A3C40DE30}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{FAFF54FA-5F16-403D-889B-C6E4DBDB12FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{122C8DA5-1978-7BB6-6179-BE41806E8086}" = ccc-utility64
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5479F9EC-5D71-CB4F-7091-3BF696F82035}" = ATI Catalyst Install Manager
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"BullGuard" = BullGuard
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0482617D-DDC3-D703-2572-7D1E55FA24CB}" = Catalyst Control Center Graphics Previews Vista
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216BE2D3-5317-10C1-6F02-C4665CFB4507}" = CCC Help Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{256C2385-7E7D-8809-9D8C-020FC726A0CB}" = Catalyst Control Center InstallProxy
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{26E276AC-F6C2-883E-E665-E97C735AA0AA}" = CCC Help French
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31760C30-2C21-75D1-675E-3388AAC04068}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5380E159-9445-C146-ECBC-5DF6E97FAB85}" = CCC Help Swedish
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54F89819-7AF7-9A0A-1F45-2E19F0CA18A8}" = CCC Help Finnish
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{59F324A2-667C-EA14-0A8D-DC3794330056}" = CCC Help Danish
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C1EAF33-82AD-4A63-B56D-4739172714DF}" = Lords of the Realm III
"{7D14B7C4-10DA-173B-D073-DED305D55099}" = Catalyst Control Center Localization All
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{934331FE-E81E-B486-A049-382715BE7416}" = CCC Help German
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A850B824-9CE5-EEDE-D762-3C9518ABAC98}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA0F476C-CA5F-F382-67B2-F0085C1EBC6E}" = CCC Help Norwegian
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B765F43A-6189-61F7-5D8A-0B9E8A851193}" = CCC Help English
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2A3E12-3592-1A8B-D3B3-60E2C07C52C2}" = CCC Help Italian
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F354B79F-C895-AC25-EC8F-72DAFF960B83}" = CCC Help Spanish
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"avast" = avast! Free Antivirus
"Diablo III" = Diablo III
"HP-LaserJet 1020 series" = LaserJet 1020 series
"Indeo® software" = Indeo® software
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"pball6" = 3D Ultra Pinball Thrillride
"Secunia PSI" = Secunia PSI (3.0.0.7009)
"Warcraft III" = Warcraft III
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/24/2013 12:56:46 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
 Zeitstempel: 0x515e30fe  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0003a6c7  ID des fehlerhaften
 Prozesses: 0x15b8  Startzeit der fehlerhaften Anwendung: 0x01ce589fabc6b8d0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: eac2e5b7-c492-11e2-868e-6c626db75cd7
 
Error - 5/24/2013 12:56:52 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
 Zeitstempel: 0x515e30fe  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0002dede  ID des fehlerhaften
 Prozesses: 0xe38  Startzeit der fehlerhaften Anwendung: 0x01ce589fae65fcdd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: ee54f61f-c492-11e2-868e-6c626db75cd7
 
Error - 5/24/2013 12:56:59 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
 Zeitstempel: 0x515e30fe  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0002e04e  ID des fehlerhaften
 Prozesses: 0xe24  Startzeit der fehlerhaften Anwendung: 0x01ce589fb22eccec  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: f26c5397-c492-11e2-868e-6c626db75cd7
 
Error - 5/24/2013 4:29:17 PM | Computer Name = Daniel-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 5/24/2013 4:29:30 PM | Computer Name = Daniel-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 5/24/2013 4:44:05 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16576,
 Zeitstempel: 0x515e30fe  Name des fehlerhaften Moduls: AcroIEHelper.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x518a21c1  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x7244556c  ID des fehlerhaften Prozesses: 0x1588  Startzeit der fehlerhaften Anwendung:
 0x01ce58b8a2eabd07  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet
 Explorer\IEXPLORE.EXE  Pfad des fehlerhaften Moduls: AcroIEHelper.dll  Berichtskennung:
 ac4a2afb-c4b2-11e2-9d6c-6c626db75cd7
 
Error - 5/24/2013 5:21:15 PM | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.210.11, Zeitstempel:
 0x515d999d  Name des fehlerhaften Moduls: deploy.dll, Version: 10.21.2.11, Zeitstempel:
 0x515da3dd  Ausnahmecode: 0xc0000409  Fehleroffset: 0x00000000000306b6  ID des fehlerhaften
 Prozesses: 0x140c  Startzeit der fehlerhaften Anwendung: 0x01ce58c476aacde4  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Java\jre7\bin\javaw.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Java\jre7\bin\deploy.dll  Berichtskennung: dd8069e9-c4b7-11e2-9d6c-6c626db75cd7
 
Error - 5/24/2013 5:23:06 PM | Computer Name = Daniel-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16576 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 169c    Startzeit: 01ce58c2e4e0c237    Endzeit: 15    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE    Berichts-ID:   
 
Error - 5/24/2013 5:52:15 PM | Computer Name = Daniel-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 5/24/2013 5:54:36 PM | Computer Name = Daniel-PC | Source = MsiInstaller | ID = 11609
Description = 
 
[ System Events ]
Error - 5/24/2013 4:02:17 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 5/24/2013 4:13:14 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 5/24/2013 4:56:39 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Silverlight (KB2814124)
 
Error - 5/24/2013 5:07:11 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 5/24/2013 5:09:45 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 5/24/2013 5:22:50 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 5/24/2013 5:25:08 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 5/24/2013 5:45:34 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 5/24/2013 6:36:11 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
Error - 5/24/2013 7:29:04 PM | Computer Name = Daniel-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2779562)
 
 
< End of report >
         

The computer froze during the GMER scan.

Many thanks in advance and kind regards,
RuKe

Alt 25.05.2013, 14:08   #2
t'john
/// Helper Team
 
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 25.05.2013, 14:37   #3
RuKe
 



Hello t'john,

first of all, many thanks for the reply!
Combofix ran through; here is the log file:
Code:
ComboFix 13-05-25.02 - Daniel 25.05.2013  15:15:19.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.4095.2586 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Ir50_qc.1
c:\windows\SysWow64\Ir50_qcx.1
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-25 bis 2013-05-25  ))))))))))))))))))))))))))))))
.
.
2013-05-25 13:20 . 2013-05-25 13:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-25 10:33 . 2013-05-25 10:34	--------	d-----w-	c:\users\dcl
2013-05-24 22:22 . 2012-08-23 15:09	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2013-05-24 22:22 . 2012-08-23 13:40	13312	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-05-24 22:22 . 2012-08-23 13:41	13312	----a-w-	c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-05-24 22:22 . 2012-08-23 13:24	15360	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2013-05-24 22:22 . 2012-08-23 14:10	19456	----a-w-	c:\windows\system32\drivers\rdpvideominiport.sys
2013-05-24 22:22 . 2012-08-23 14:07	57856	----a-w-	c:\windows\system32\drivers\TsUsbFlt.sys
2013-05-24 22:17 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-05-24 22:17 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-05-24 22:17 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-05-24 22:17 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-05-24 22:17 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-05-24 22:17 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-05-24 22:17 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-05-24 22:16 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-05-24 22:16 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-05-24 21:28 . 2013-05-24 21:28	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-24 21:27 . 2013-05-24 21:26	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-24 21:07 . 2013-05-24 21:07	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-05-24 21:07 . 2013-05-24 21:07	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-05-24 20:57 . 2013-05-24 20:55	311200	----a-w-	c:\windows\system32\javaws.exe
2013-05-24 20:57 . 2013-05-24 20:56	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-05-24 20:57 . 2013-05-24 20:55	188832	----a-w-	c:\windows\system32\javaw.exe
2013-05-24 20:57 . 2013-05-24 20:55	188320	----a-w-	c:\windows\system32\java.exe
2013-05-24 20:34 . 2013-05-24 20:34	--------	d-----w-	c:\users\Daniel\AppData\Local\WindowsUpdate
2013-05-24 20:22 . 2013-05-24 20:22	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-05-24 20:21 . 2013-05-24 20:22	--------	d-----r-	c:\program files (x86)\Skype
2013-05-24 20:21 . 2013-05-24 21:59	--------	d-----w-	c:\programdata\Skype
2013-05-24 18:47 . 2013-05-24 18:47	--------	d-----w-	c:\program files\CCleaner
2013-05-24 18:24 . 2013-05-24 20:55	1092512	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-05-24 18:24 . 2013-05-24 21:34	--------	d-----w-	c:\program files\Java
2013-05-24 18:05 . 2013-05-24 18:05	17613192	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-24 17:53 . 2013-05-24 18:05	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-24 17:48 . 2013-05-24 17:48	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Malwarebytes
2013-05-24 17:47 . 2013-05-24 17:47	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-24 17:46 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-24 17:46 . 2013-05-24 17:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-24 17:42 . 2013-05-24 17:42	--------	d-----w-	c:\users\Daniel\AppData\Local\Secunia PSI
2013-05-24 17:41 . 2013-05-24 17:41	--------	d-----w-	c:\program files (x86)\Secunia
2013-05-24 17:24 . 2013-05-24 17:24	--------	d-----w-	c:\users\Daniel\AppData\Local\Programs
2013-05-24 16:54 . 2013-05-24 21:25	866720	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-05-24 16:53 . 2013-05-24 21:43	--------	d-----w-	c:\program files (x86)\Java
2013-05-24 16:33 . 2013-05-13 23:48	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{505820C0-9681-4433-95A8-66B4A6A5EAFA}\mpengine.dll
2013-05-24 15:56 . 2013-03-06 22:33	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-24 15:56 . 2013-03-06 22:33	377920	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-24 15:56 . 2013-03-06 22:33	70992	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-24 15:56 . 2013-03-06 22:33	68920	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-24 15:56 . 2013-03-06 22:33	178624	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-24 15:56 . 2013-03-06 22:33	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-24 15:56 . 2013-03-06 22:33	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-24 15:56 . 2013-03-06 22:33	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-24 15:56 . 2013-03-06 22:32	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-24 15:55 . 2013-03-06 22:32	41664	----a-w-	c:\windows\avastSS.scr
2013-05-24 15:54 . 2013-05-24 15:54	--------	d-----w-	c:\program files\AVAST Software
2013-05-24 15:53 . 2013-05-24 15:54	--------	d-----w-	c:\programdata\AVAST Software
2013-05-15 19:32 . 2013-04-05 06:50	15404032	----a-w-	c:\windows\system32\ieframe.dll
2013-05-05 07:13 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-24 21:25 . 2010-07-07 16:34	788896	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-05-24 20:55 . 2010-07-07 16:34	971680	----a-w-	c:\windows\system32\deployJava1.dll
2013-05-24 18:05 . 2011-12-29 19:20	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-17 06:38 . 2010-06-24 18:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-03 14:15 . 2010-07-07 15:49	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-02 00:06 . 2010-07-07 15:48	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-18 13:55 . 2013-04-18 13:55	18456	----a-w-	c:\windows\system32\drivers\psi_mf_amd64.sys
2013-04-13 05:49 . 2013-05-15 17:02	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 17:02	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 17:02	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 17:02	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 17:02	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 17:02	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-21 14:15 . 2013-03-21 14:15	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-21 14:15 . 2013-03-21 14:15	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-21 14:15 . 2013-03-21 14:15	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-21 14:15 . 2013-03-21 14:15	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-21 14:15 . 2013-03-21 14:15	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-21 14:15 . 2013-03-21 14:15	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-21 14:15 . 2013-03-21 14:15	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-21 14:15 . 2013-03-21 14:15	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-21 14:15 . 2013-03-21 14:15	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-21 14:15 . 2013-03-21 14:15	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-21 14:15 . 2013-03-21 14:15	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-21 14:15 . 2013-03-21 14:15	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-21 14:15 . 2013-03-21 14:15	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-21 14:15 . 2013-03-21 14:15	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-21 14:15 . 2013-03-21 14:15	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-21 14:15 . 2013-03-21 14:15	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-21 14:15 . 2013-03-21 14:15	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-21 14:15 . 2013-03-21 14:15	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-21 14:15 . 2013-03-21 14:15	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-21 14:15 . 2013-03-21 14:15	441856	----a-w-	c:\windows\system32\html.iec
2013-03-21 14:15 . 2013-03-21 14:15	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-21 14:15 . 2013-03-21 14:15	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-21 14:15 . 2013-03-21 14:15	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-21 14:15 . 2013-03-21 14:15	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-21 14:15 . 2013-03-21 14:15	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-21 14:15 . 2013-03-21 14:15	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-21 14:15 . 2013-03-21 14:15	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-21 14:15 . 2013-03-21 14:15	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-21 14:15 . 2013-03-21 14:15	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-21 14:15 . 2013-03-21 14:15	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-21 14:15 . 2013-03-21 14:15	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-21 14:15 . 2013-03-21 14:15	235008	----a-w-	c:\windows\system32\url.dll
2013-03-21 14:15 . 2013-03-21 14:15	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-21 14:15 . 2013-03-21 14:15	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-21 14:15 . 2013-03-21 14:15	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-21 14:15 . 2013-03-21 14:15	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-21 14:15 . 2013-03-21 14:15	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-21 14:15 . 2013-03-21 14:15	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-21 14:15 . 2013-03-21 14:15	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-21 14:15 . 2013-03-21 14:15	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-21 14:15 . 2013-03-21 14:15	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-21 14:15 . 2013-03-21 14:15	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-21 14:15 . 2013-03-21 14:15	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-21 14:15 . 2013-03-21 14:15	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-21 14:15 . 2013-03-21 14:15	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-21 14:15 . 2013-03-21 14:15	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-21 14:15 . 2013-03-21 14:15	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-21 14:15 . 2013-03-21 14:15	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-21 14:15 . 2013-03-21 14:15	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-21 14:13 . 2013-03-21 14:13	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-21 14:13 . 2013-03-21 14:13	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-03-21 14:13 . 2013-03-21 14:13	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-03-21 14:13 . 2013-03-21 14:13	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-21 14:13 . 2013-03-21 14:13	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-03-21 14:13 . 2013-03-21 14:13	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-03-21 14:13 . 2013-03-21 14:13	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-03-21 14:13 . 2013-03-21 14:13	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-03-21 14:13 . 2013-03-21 14:13	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-03-21 14:13 . 2013-03-21 14:13	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-21 14:13 . 2013-03-21 14:13	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-03-21 14:13 . 2013-03-21 14:13	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-03-21 14:13 . 2013-03-21 14:13	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-03-21 14:13 . 2013-03-21 14:13	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-21 14:13 . 2013-03-21 14:13	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-03-21 14:13 . 2013-03-21 14:13	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-03-21 14:13 . 2013-03-21 14:13	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-03-21 14:13 . 2013-03-21 14:13	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-03-21 14:13 . 2013-03-21 14:13	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-03-21 14:13 . 2013-03-21 14:13	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-03-21 14:13 . 2013-03-21 14:13	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-14 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-4-18 563224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-04-19 161384]
R3 aswVmm;aswVmm; [x]
R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2010-08-19 157576]
R3 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
R3 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
R3 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
R3 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2010-08-19 339848]
R3 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2011-12-15 426328]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys [2013-04-18 18456]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-10 1255736]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2013-04-18 1227800]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2013-04-18 659992]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-14 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-14 28800]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2010-10-12 61520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-11 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-06-14 38528]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-24 18:05]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 19:34]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-22 11490408]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aldi.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Sidebar - c:\program files\Windows Sidebar\sidebar.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-pball6 - c:\sierra\Thrillride\Uninst.isu
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-25  15:22:18
ComboFix-quarantined-files.txt  2013-05-25 13:22
.
Vor Suchlauf: 7 Verzeichnis(se), 1.340.597.153.792 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 1.341.005.070.336 Bytes frei
.
- - End Of File - - 8DB05684CF3EC3000A30D6DE591F0035
         
Internet Explorer does not seem to be working properly at the moment: when I enter an address, nothing happens (I got here via the history in a new tab), but I probably just need to reboot the computer.

Regards, RuKe
__________________

25.05.2013, 18:08   #4
t'john
/// Helper team

After a restart it should work again.


Very good!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



After that:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset




After that:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Best regards, t'john
Support the TB

25.05.2013, 20:55   #5
RuKe

Hello,

all programs have finished running; here are the log files:

aswmbr:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-25 19:16:57
-----------------------------
19:16:57.839    OS Version: Windows x64 6.1.7601 Service Pack 1
19:16:57.839    Number of processors: 4 586 0x503
19:16:57.839    ComputerName: DANIEL-PC  UserName: Daniel
19:17:00.210    Initialize success
19:17:00.273    AVAST engine defs: 13052500
19:17:15.467    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
19:17:15.483    Disk 0 Vendor: ST315005 CC34 Size: 1430799MB BusType: 11
19:17:15.545    Disk 0 MBR read successfully
19:17:15.561    Disk 0 MBR scan
19:17:15.561    Disk 0 unknown MBR code
19:17:15.576    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:17:15.592    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1398953 MB offset 206848
19:17:15.608    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 2865262592
19:17:15.623    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 2928177152
19:17:15.639    Disk 0 scanning C:\Windows\system32\drivers
19:17:25.436    Service scanning
19:17:38.711    Modules scanning
19:17:38.727    Disk 0 trace - called modules:
19:17:38.758    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
19:17:38.758    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800461b790]
19:17:38.758    3 CLASSPNP.SYS[fffff8800191c43f] -> nt!IofCallDriver -> [0xfffffa80044b3b80]
19:17:38.758    5 amd_xata.sys[fffff880010fa7a8] -> nt!IofCallDriver -> \Device\00000054[0xfffffa80044af9c0]
19:17:40.443    AVAST engine scan C:\Windows
19:17:44.717    AVAST engine scan C:\Windows\system32
19:19:59.018    AVAST engine scan C:\Windows\system32\drivers
19:20:10.624    AVAST engine scan C:\Users\Daniel
19:27:00.219    AVAST engine scan C:\ProgramData
19:29:41.304    Scan finished successfully
19:30:48.369    Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
19:30:48.369    The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"
         
eset:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=45e56ddd758f8a46a9311c2bcb01c336
# engine=13913
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-25 07:18:37
# local_time=2013-05-25 09:18:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 98539 146222989 0 0
# compatibility_mode=4609 16776574 40 50 45537924 102399225 0 0
# compatibility_mode=5893 16776574 100 94 38831 121139367 0 0
# scanned=166743
# found=0
# cleaned=0
# scan_time=5493
         
and Security Check:

Code:
 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus      
BullGuard Antivirus   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.7009)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Internet Explorer still does not work properly. I will take care of that at the end.

Regards,
RuKe


26.05.2013, 15:02   #6
t'john
/// Helper team

Update:

Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)

Update Java

Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
  • Please download the latest Java version from here
  • Save the .exe file
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 21 ).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

After that, post (copy and paste) what is shown to you here: PluginCheck



Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

After that, post (copy and paste) what is shown to you here: PluginCheck




Windows Repair Tool (AIO)

  • Download Windows repair tool
  • Unpack the zip and start Repair_Windows.exe
  • Click the Start repairs tab, then: Start

    Select the following items:

    Register System Files
    Repair WMI
    Repair Windows Firewall
    Repair Internet Explorer
    Remove Policies Set By Infections
    Repair Windows Updates
    Repair Important Windows Services
    Set Windows Services To Default Startup


    Select: Restart System When Finished
    Then click the Start button.

26.05.2013, 16:11   #7
RuKe

Hello t'john,

because of the problems with my Explorer, I was not able to download Adobe Reader for the moment. Even after the Windows repair tool, the Explorer is still not running properly.

Here is the PluginCheck after updating Java:

PluginCheck

PluginCheck helps to close the biggest security holes when surfing the internet.
It checks: browser, Flash, Java and Adobe Reader version.

Browser not recognized

Flash (11,7,700,202) is up to date.
Java (1,7,0,21) is up to date.

Adobe Reader is not installed or not enabled.

and here after disabling it:

PluginCheck

PluginCheck helps to close the biggest security holes when surfing the internet.
It checks: browser, Flash, Java and Adobe Reader version.

Browser not recognized

Flash (11,7,700,202) is up to date.
Java is not installed or not enabled.

Adobe Reader is not installed or not enabled.


Regards,
RuKe

edit:

I managed to download Firefox because of the problems with IE.

Here is the new plugin check:

PluginCheck

PluginCheck helps to close the biggest security holes when surfing the internet.
It checks: browser, Flash, Java and Adobe Reader version.

Firefox 21.0 is up to date

Flash (11,7,700,202) is up to date.

Java is not installed or not enabled.

Adobe Reader 11,0,3,37 is up to date.

Last edited by RuKe (26.05.2013 at 16:28)

26.05.2013, 16:31   #8
t'john
/// Helper team

Please run this:
http://www.trojaner-board.de/72874-s...eparieren.html

After that:
- restart
- report back
__________________
Best regards, t'john
Support the TB

26.05.2013, 17:14   #9
RuKe

The Windows system integrity check has completed and found no integrity violation. The log file is too large to attach, in case it is needed.

Regards, RuKe

26.05.2013, 17:34   #10
t'john
/// Helper team

Try installing Internet Explorer 10.
__________________
Best regards, t'john
Support the TB

26.05.2013, 18:28   #11
RuKe

Hello,

Internet Explorer is working perfectly again!

Regards, RuKe

Alt 26.05.2013, 18:29   #12
t'john
/// Helfer-Team
 
Österreichische Version vom Polizei Trojaner - Standard

Österreichische Version vom Polizei Trojaner



Sehr gut!

damit bist Du sauber und entlassen!




Tool cleanup
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.




Resetting the security zones

Have the security zones reset, since they were manipulated in order to open the browser up to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Clearing the system restore points

So that the computer cannot be reinfected from an infected system restore point, we have to clear them. To do this, we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.



Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do?
__________________
Regards, t'john
Support the TB

26.05.2013, 19:00   #13
RuKe
 

Hello t'john,

Thank you very much for the help!!! I think what you are doing here is really great.

Best regards, RuKe

27.05.2013, 09:13   #14
t'john
/// Helper team
 

Wishing you a virus-free time
__________________
Regards, t'john
Support the TB
