Log analysis and evaluation: Bundespolizei Trojan: system restore performed | Windows 7 | If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
19.09.2012, 21:31 | #31 |
| After I pressed the CleanUp button in OTL and rebooted, my desktop background is no longer displayed and no images are shown in the preview any more... I have absolutely no idea which setting was changed here and whether these changes were the only ones. Here is a screenshot; previews of images should be visible in the polyball folder: Beforehand I also did an update of iTunes and iCloud, in case that could have an influence. Edited by Schwizer (19.09.2012 at 21:42) |
20.09.2012, 06:53 | #32 |
/// the machine /// TB trainer | Reboot once more. Still the same?
20.09.2012, 09:35 | #33 |
| Even after rebooting. I was so pleased that the computer was much faster before the last step. The startup phase was also much shorter. Now it is quite slow again. Since I had updated Apple, I uninstalled all Apple programs, but that did not help either. |
20.09.2012, 09:42 | #34 |
/// the machine /// TB trainer | Please download OTL again and run it, then post the log files.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
20.09.2012, 09:55 | #35 |
| OTL log file: Code:
ATTFilter OTL logfile created on: 20.09.2012 10:44:34 - Run 1 OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\bouni\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 49.11% Memory free 6.19 Gb Paging File | 4.68 Gb Available in Paging File | 75.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286.54 Gb Total Space | 66.48 Gb Free Space | 23.20% Space Free | Partition Type: NTFS Drive D: | 11.54 Gb Total Space | 1.27 Gb Free Space | 11.04% Space Free | Partition Type: NTFS Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.20 10:43:53 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe PRC - [2012.09.10 10:46:33 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.02.17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) 
-- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe PRC - [2008.10.26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) 
-- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008.07.14 19:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe PRC - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe PRC - [2008.06.19 13:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.06.19 13:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) 
-- C:\Programme\WinZip\WZQKPICK.EXE ========== Modules (No Company Name) ========== MOD - [2012.09.10 10:46:02 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.14 03:44:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll MOD - [2012.06.14 03:40:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 03:40:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.14 03:40:13 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012.06.14 03:39:16 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.05.12 18:29:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.11 15:13:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.11 15:12:28 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll MOD - [2012.05.11 15:12:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 15:11:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - 
[2012.05.11 15:11:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.11 15:10:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.10.17 20:35:51 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.12.21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\Shared files\richvideops.dll MOD - [2008.06.19 13:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth 
Software\BTKeyInd.dll MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll ========== Services (SafeList) ========== SRV - [2012.09.10 10:46:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) SRV - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe -- (STacSV) SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) 
[Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe -- (AESTFilters) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.03.23 15:15:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.10.26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2008.09.19 22:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.09.16 10:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] 
(Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - 
HKCU\..\SearchScopes\{7E82651D-3339-4882-9925-8DEA2110B4C1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms} IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uzh.ch:3128 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.ch/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "proxy.uzh.ch" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\bouni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\bouni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 17:30:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.07.31 21:30:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.19 22:46:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla 
Firefox\plugins [2012.09.19 22:46:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.04.15 17:30:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.19 22:46:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.19 22:46:09 | 000,000,000 | ---D | M] [2011.08.06 18:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions [2009.07.05 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.09.19 20:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions [2012.08.24 11:53:52 | 000,005,143 | ---- | M] () (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\extensions\50374ef51ab48@50374ef51ab81.info.xpi [2012.09.10 09:09:33 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-1.xml [2010.06.24 11:16:05 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-10.xml [2010.06.30 22:21:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-11.xml [2010.07.23 14:49:29 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-12.xml [2010.07.31 12:55:31 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-13.xml [2010.09.14 23:23:27 | 
000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-14.xml [2010.09.15 00:34:48 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-15.xml [2010.10.19 00:14:40 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-16.xml [2010.10.26 20:41:07 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-17.xml [2010.11.03 15:44:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-18.xml [2009.10.27 02:04:43 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-2.xml [2009.10.31 14:52:58 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-3.xml [2009.10.31 20:24:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-4.xml [2009.12.17 15:08:15 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-5.xml [2010.01.09 03:13:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-6.xml [2010.02.22 13:36:01 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-7.xml [2010.02.22 23:09:26 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-8.xml [2010.04.08 16:29:00 | 000,000,950 | ---- | M] () -- 
C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-9.xml [2009.09.17 14:30:04 | 000,000,944 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin.xml [2012.09.10 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.10 10:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.09.04 20:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.09.10 10:46:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.19 18:57:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 00:29:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.19 18:57:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 18:57:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 18:57:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 18:57:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.09.18 16:14:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe File not found O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ABEAFE-2C63-4028-92C1-6054469D099F}: DhcpNameServer = 138.188.101.189 138.188.101.186 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6DB7DB-9D69-4D6A-A380-042076FFC470}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17B5496-B4DD-41C3-A52E-F53B3BB08079}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\bouni\Pictures\001\DSC_0014.JPG O24 - Desktop BackupWallPaper: C:\Users\bouni\Pictures\001\DSC_0014.JPG O28 - HKLM 
ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.20 10:43:50 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe [2012.09.19 22:15:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.09.19 22:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.09.19 22:04:43 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012.09.19 12:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.09.18 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\bouni\Documents\EatNow [2012.09.18 16:38:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP [2012.09.18 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.09.18 15:56:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D} [2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738} [2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3} [2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF} [2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5} 
[2012.09.13 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Roaming\Malwarebytes [2012.09.13 16:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.13 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.13 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.13 15:35:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494} [2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D} [2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E} [2012.09.10 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F} [2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84} [2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9} [2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17} [2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C} [2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24} [2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80} [2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3} ========== Files - Modified Within 30 Days ========== [2012.09.20 10:48:22 | 000,000,441 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.09.20 10:43:53 | 000,600,064 | ---- | M] 
(OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe [2012.09.20 10:28:57 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.20 10:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.20 10:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.20 10:26:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.20 10:26:07 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys [2012.09.20 03:17:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.20 02:49:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job [2012.09.19 23:49:04 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job [2012.09.19 23:27:41 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Port Royale 3.lnk [2012.09.19 22:49:05 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.09.19 22:40:50 | 000,088,994 | ---- | M] () -- C:\Users\bouni\Desktop\Desktop.JPG [2012.09.19 22:25:38 | 000,007,592 | ---- | M] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat [2012.09.19 22:15:30 | 000,392,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.18 22:06:48 | 335,088,670 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.18 17:32:31 | 000,149,504 | ---- | M] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.18 16:34:44 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.09.18 16:34:26 | 000,673,660 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2012.09.18 16:34:26 | 000,667,136 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2012.09.18 16:34:26 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.18 16:34:26 | 000,601,000 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2012.09.18 16:34:26 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.18 16:34:26 | 000,127,890 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2012.09.18 16:34:26 | 000,124,732 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2012.09.18 16:34:26 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.18 16:14:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.09.17 16:00:25 | 000,000,176 | ---- | M] () -- C:\Users\bouni\defogger_reenable [2012.09.15 16:23:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job [2012.09.13 15:35:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012.09.19 22:28:08 | 000,088,994 | ---- | C] () -- C:\Users\bouni\Desktop\Desktop.JPG [2012.09.18 21:46:20 | 3218,284,544 | -HS- | C] () -- C:\hiberfil.sys [2012.09.18 16:34:35 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.09.17 15:59:59 | 000,000,176 | ---- | C] () -- C:\Users\bouni\defogger_reenable [2012.09.15 15:35:35 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job [2012.09.13 15:35:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.05.03 16:28:48 | 000,000,043 | ---- | C] () -- C:\Users\bouni\gsview32.ini [2010.05.10 14:58:09 | 003,649,774 | ---- | C] () -- C:\Users\bouni\AppData\Local\tmp031.JPG [2010.03.15 22:28:33 | 000,023,552 | ---- | C] () -- C:\Users\bouni\AppData\Local\WebpageIcons.db [2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips [2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Chorus [2010.03.01 20:10:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2010.03.01 20:10:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section [2010.03.01 20:10:27 | 000,000,268 | RH-- 
| C] () -- C:\ProgramData\Cocoa [2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Classic Thick [2010.03.01 20:10:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic [2010.03.01 20:07:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks [2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Trance Pad [2010.03.01 19:56:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction [2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Themes [2010.03.01 19:53:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.10.09 07:13:49 | 000,000,331 | ---- | C] () -- C:\Users\bouni\Zuletzt besuchte Orte - Verknüpfung.lnk [2009.05.24 23:57:44 | 000,007,592 | ---- | C] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat [2009.04.19 20:06:29 | 000,149,504 | ---- | C] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.15 17:34:37 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.04.15 17:31:02 | 000,000,020 | ---- | C] () -- C:\Users\bouni\ho.dir [2009.04.15 17:21:04 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite [2009.04.15 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DigitalPersona [2012.09.20 10:29:18 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Dropbox [2011.05.11 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\ICAClient [2012.05.15 23:23:51 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Kalypso Media 
[2011.05.01 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\LimeWire
[2009.11.08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\My Games
[2010.03.01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Nikon
[2011.07.31 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Swiss Academic Software
[2011.07.17 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\xm1

========== Purity Check ==========

< End of report >

and here is the OTL EXTRAS logfile as well:

Code:
OTL Extras logfile created on: 20.09.2012 10:44:34 - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\bouni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 49.11% Memory free
6.19 Gb Paging File | 4.68 Gb Available in Paging File | 75.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.54 Gb Total Space | 66.48 Gb Free Space | 23.20% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.27 Gb Free Space | 11.04% Space Free | Partition Type: NTFS

Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09C15A9D-8F55-49A1-8763-DD50C067A94B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{506F0F08-0F4A-417C-AC33-0CFFDC45F7F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{51FBABD3-2757-44DE-88F8-CC556AD92690}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{547CBC1A-EF2A-4975-AAFB-6A0E3A815B93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{715FD81B-5F45-443A-A6E5-41EE0B1D85CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{762A524A-8AEF-4767-AB16-8FDCC086BDC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{80EA4B6C-5CD2-497C-9C74-C25E78F1C30E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{8EFC4CA0-57B0-41B6-A0EE-F287EE4EA02F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9674282F-4D31-48E8-9F9E-AA5E2ED9B752}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AB6F3520-CF03-4121-8A90-E526DF999B42}" = lport=2869 | protocol=6 | dir=in | app=system | "{BA9746FC-D17E-47EF-BDF9-AA83FA7F68DD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C7BCEB60-DCC1-4B67-AD62-A85DF42EEBA3}" = lport=10243 | protocol=6 | dir=in | app=system | "{D0FE787D-B517-4903-814C-E04D3FD03F48}" = lport=2869 | protocol=6 | dir=in | app=system | "{D7EA3DFF-1484-4DE9-8502-02D02BCDD2F5}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0689D1BD-190C-48BA-8818-659ADBB5DE5E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{0E882CE3-23E6-4880-BD0B-3E55455BA302}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{138F4406-DF95-43AD-B520-1919FD1CE20A}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{17497125-D3C7-4D65-B315-42E286E623AD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{1D2F3453-279B-4AA0-AB8B-3B00ADD4428C}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{22DCCE25-CF44-4010-B834-0F5EBF9213A5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{22E84526-AE50-4F76-A9C3-3196CAF62C53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{26644CD7-4016-48DC-9CC1-C32572ED3BBE}" = 
protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | "{28704DA9-3D49-40C5-BECF-56802EFADF12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2CFCA520-1D60-4FDB-AF74-E33017B2E28F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2E8A590F-EBE2-4F55-A3FE-8F038365C13C}" = protocol=6 | dir=out | app=system | "{33CFCE48-31A2-4A0A-9776-663C459C76CF}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | "{3C844911-F7B8-419E-B29B-A61BC08C8F02}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | "{3CD7B5C5-8AC0-4FA1-BAAE-B34DF8F4DD69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{49D55AD7-2B95-45FB-BA4D-B182694E5EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4CFBC55D-A2CD-4C50-9933-F36CAAEAAE72}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | "{50ACE72B-861C-454C-B6FE-ECD1CC5AC237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{50B8C698-1ACD-41AC-9553-FAB5C7B3F1C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53B8021C-42CB-4AFF-A375-A9D52AFA7A1C}" = dir=in | app=c:\program files\kalypso media\port royale 3\portroyale3.exe | "{543CE704-9646-420F-B697-40EF0B103ECF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5C04EC6D-F925-478E-83B0-7F7C20AAAF0B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | "{5EB804B6-655E-4FEF-BE7F-B66725AE2DDF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{6B212D2C-3C7A-40F6-B848-F279DC8A8D53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{6B984457-3D28-45EC-9212-520BAB72FB4F}" = dir=in | app=c:\program files\windows 
live\messenger\msnmsgr.exe | "{6BBD79D0-6D84-4E2D-B5EA-C93464ADECB1}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{71E421CE-F2A6-4DD4-B601-B7C4F1C73340}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | "{7342C563-DD90-4F93-A04A-FD0DD7ED4110}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{76D12B88-59B8-432A-8F28-14EEDC3BD373}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{77BECCEE-A24E-4200-B546-DBD733BFA569}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{7863272F-64FD-43C5-B063-CA5EFC280C25}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{7EAB05BE-FFB6-4EAE-BCA2-F8F21CEC45B4}" = protocol=17 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe | "{85303843-6E31-4C30-8549-16BB9F809A17}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{8BADCF3B-C598-4450-85BE-6D8A380F2414}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{8F0D8D8B-7CD1-4954-AD8B-BEC45EBA483D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{8F774128-195B-4BB8-AF9D-985C8B9A6CF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9100115F-A614-4492-B8C7-FEC46CA34A28}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A69D0920-2D52-4F43-9725-FAACE08065E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BE0A7592-F696-4683-B06D-D009D3160A63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C2565B7E-4BCC-479C-B1DD-DA9B396B478E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8D0447C-8B97-419F-856F-50B7A256710B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{C9353610-CEE5-45A2-9A84-3CEB45811AA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA4C2122-C4E5-4862-A17E-8C889FA29D2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D104514C-DE9E-4F4D-BA22-233B45D5FC29}" = protocol=6 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe | "{D6065407-3A05-4C28-93FD-533B6A257209}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{E35DE446-F2FE-49AC-AC31-97A7AD40B366}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{E574B0BD-86AE-4CD4-B6D6-9464035DD8DF}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{E6286C4F-B940-42D1-A2AD-F21C3AE3A866}" = dir=in | app=c:\users\bouni\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{E668F6D6-1443-4B4F-9ACD-0E9EF9D3FE3C}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{E6E88113-6D14-4502-A515-78F451F75294}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{F15547BB-B0F2-4426-8B73-3B747C9DFFFC}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | "{F3661BE2-7586-4E62-89FC-0DF2612FEFD2}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | "{F416409C-FC9F-4E89-BE9B-9FAAB150B8E2}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{FDBF19C9-478A-4584-BACA-F9AD44A6DECE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{00EFC803-14AC-43FF-9992-C6477574F743}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{0E23DE26-0094-4453-B2A9-6401ECF5D130}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query 
20.09.2012, 10:06 | #36 |
/// the machine /// TB trainer | Cool name for a PC. Please take a look in this folder and tell me what's in it: C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3} |
20.09.2012, 10:24 | #37 |
| Many thanks, with the name I just wanted to make the balance of power clear. The following files are in there: Note that two files were created yesterday around the critical time (the two DAT files): as well as the folder 0C1522E5-74DE-4DDC-9F01-5FA63D501219.aplzod. The folder you asked about, {57378D17-DAB5-4F69-B2D9-2622717B26B3}, is empty. |
20.09.2012, 11:14 | #38 |
/// the machine /// TB trainer | Hi, fix with OTL
Code:
:OTL
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
[2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D}
[2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738}
[2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3}
[2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF}
[2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5}
[2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494}
[2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D}
[2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E}
[2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F}
[2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84}
[2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9}
[2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17}
[2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C}
[2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24}
[2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80}
[2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3}
[2012.09.20 10:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 10:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
__________________ Regards, schrauber |
20.09.2012, 11:33 | #39 |
| My slave still takes about twice as long to boot as yesterday, but that is pretty much the level from before this whole exercise... The desktop is displayed again, and so are the documents in the folders. What was the cause? The Apple update? Here is the txt file as well:
Code:
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ApplePhotoStreams deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iCloudServices deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments deleted successfully.
C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D} folder moved successfully.
C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738} folder moved successfully.
C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3} folder moved successfully.
C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF} folder moved successfully.
C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5} folder moved successfully.
C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494} folder moved successfully.
C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D} folder moved successfully.
C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E} folder moved successfully.
C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F} folder moved successfully.
C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84} folder moved successfully.
C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9} folder moved successfully.
C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17} folder moved successfully.
C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C} folder moved successfully.
C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24} folder moved successfully.
C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80} folder moved successfully.
C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3} folder moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
OTL by OldTimer - Version 3.2.64.0 log created on 09202012_122514
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
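Added example (not part of the thread and not OTL's own code): a Python sketch that reads an OTL fix log in the layout posted above and lists the paths that were queued for a move on reboot but never confirmed as moved. The sample log, its paths and the `parse_fix_log` helper are constructed for illustration; reading the lines after `Files\Folders moved on Reboot...` as the post-reboot result, and the file-level `moved successfully.` line, are assumptions modelled on the folder lines in the log.

```python
import re

# Constructed sample in the layout of the OTL fix log above; all paths and the
# "ExampleUpdater" value are placeholders, not taken from the thread.
SAMPLE_LOG = r"""========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleUpdater deleted successfully.
C:\Users\example\AppData\Local\{00000000-0000-0000-0000-000000000001} folder moved successfully.
C:\Users\example\AppData\Local\{00000000-0000-0000-0000-000000000002} folder moved successfully.
File move failed. C:\Windows\System32\example-0.dat scheduled to be moved on reboot.
File move failed. C:\Windows\System32\example-1.dat scheduled to be moved on reboot.
OTL by OldTimer - Version 3.2.64.0 log created on 09202012_122514
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\example-0.dat scheduled to be moved on reboot.
C:\Windows\System32\example-1.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
"""

REG_DELETED = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\]+) deleted successfully\.$")
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?:folder )?moved successfully\.$")
MOVE_FAILED = re.compile(r"^File move failed\. (?P<path>[A-Za-z]:\\.+?) scheduled to be moved on reboot\.$")
# Assumption: everything after this title reports what happened during the reboot.
REBOOT_HEADER = "Files\\Folders moved on Reboot..."


def _is_informational(line):
    """Banner and section-title lines that carry no per-item result."""
    return line.startswith("=") or line.startswith("OTL by ") or line.endswith("...")


def parse_fix_log(text):
    """Classify each line of an OTL fix log and work out what is still open."""
    report = {"registry_deleted": [], "moved": [], "pending": [],
              "unresolved": [], "unparsed": []}
    confirmed_after_reboot = set()
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == REBOOT_HEADER:
            after_reboot = True
            continue
        m = REG_DELETED.match(line)
        if m:
            report["registry_deleted"].append((m.group("key"), m.group("name")))
            continue
        m = MOVE_FAILED.match(line)
        if m:
            # A failure repeated after the reboot is the same open item, not a new one.
            if m.group("path") not in report["pending"]:
                report["pending"].append(m.group("path"))
            continue
        m = MOVED.match(line)
        if m:
            report["moved"].append(m.group("path"))
            if after_reboot:
                confirmed_after_reboot.add(m.group("path").lower())
            continue
        if not _is_informational(line):
            # Keep anything unrecognised visible instead of silently dropping it.
            report["unparsed"].append(line)
    # Windows paths are case-insensitive, so compare them lower-cased.
    report["unresolved"] = [p for p in report["pending"]
                            if p.lower() not in confirmed_after_reboot]
    return report


if __name__ == "__main__":
    summary = parse_fix_log(SAMPLE_LOG)
    print("Run values removed:", [name for _, name in summary["registry_deleted"]])
    print("Items moved:", len(summary["moved"]))
    for path in summary["unresolved"]:
        print("Not confirmed as moved, check again:", path)
    for line in summary["unparsed"]:
        print("Line not understood:", line)
```

Run on the log in the post above, this reports the two files under C:\Windows\System32 as unresolved, because both appear as failed again under `Files\Folders moved on Reboot...`.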
20.09.2012, 11:54 | #40 |
/// the machine /// TB trainer | Yeah, that many leftovers that don't belong to anything can cause the occasional hiccup. Press the Cleanup button in OTL and we're done.
__________________ Regards, schrauber |
20.09.2012, 17:27 | #41 |
| Many thanks for your help. Almost everything works now... A few error messages like this still come up: But I'll get that sorted somehow, otherwise I'll ping you again by PM or so... Really, many thanks again for the competent support, the very good explanations/instructions and the great help! Regards, Schwizer |
20.09.2012, 18:55 | #42 |
/// the machine /// TB trainer | When does the message appear?
__________________ Regards, schrauber |
20.09.2012, 19:08 | #43 |
| It appears when I start up the PC, or log off and log back on... |
20.09.2012, 19:35 | #44 |
/// the machine /// TB trainer | That belongs to Cyberlink Power Camera or similar software from Cyberlink. Uninstalling and reinstalling should help.
__________________ Regards, schrauber |
20.09.2012, 20:09 | #45 |
| I got rid of that one, but my computer is still pretty much at its limit... it has never been this bad... I'll upload a few screenshots of the Task Manager... Dropbox alone uses so much memory... that can't be normal, can it? Some indexes and logs are being searched for the whole time... |