Pests of all kinds and how to fight them: Caught a GVU trojan... Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
14.05.2013, 22:43 | #1 |
| Caught a GVU trojan... Hello, unfortunately I have caught a GVU trojan and am being asked to pay money to have my PC unlocked. Safe mode works. I have downloaded and run OTL. I can post the files once GMER has finished (I got both programs from posts in this forum). I need help! Regards, S2k13 |
14.05.2013, 22:47 | #4 |
/// Malware-holic | Caught a GVU trojan... That's OK, post the OTL log.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
14.05.2013, 22:56 | #5 |
| Caught a GVU trojan... Hello. OTL.txt: OTL logfile: Code:
OTL logfile created on: 5/14/2013 10:56:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2.86 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 81.75% Memory free
5.72 Gb Paging File | 5.24 Gb Available in Paging File | 91.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 223.93 Gb Free Space | 75.12% Space Free | Partition Type: NTFS

Computer Name: CE05278 | User Name: ****** | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/14 22:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
PRC - [2011/08/03 11:57:20 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/08/03 11:57:18 | 001,846,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/24 03:48:00 | 000,043,520 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL

========== Services (SafeList) ==========

SRV - [2013/04/20 18:17:11 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/03 16:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/05/17 19:43:42 | 006,775,632 | ---- | M] (Autonomy Corporation plc) [Auto | Stopped] -- C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe -- (AgentService)
SRV - [2012/01/13 10:17:42 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011/10/18 19:24:32 | 000,355,496 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2011/08/03 11:57:20 | 000,357,808 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/08/03 11:57:20 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/08/03 11:57:20 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/08/03 11:57:18 | 001,897,960 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/08/03 11:57:18 | 001,846,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/06/20 10:33:30 | 000,129,904 | ---- | M] (SAP AG) [Auto | Stopped] -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc)
SRV - [2011/05/13 10:05:12 | 001,589,760 | ---- | M] (SAP, Walldorf) [Auto | Stopped] -- C:\Program Files\SAP\SAPSPrint\sapsprint.exe -- (SAPSprint)
SRV - [2011/03/24 03:48:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/03/24 03:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/02/18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/02/07 18:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010/04/20 13:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010/04/20 13:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/04/07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/09/29 17:25:38 | 000,099,768 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2013/01/16 11:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130513.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 11:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130513.004\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/09 10:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 10:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/06/27 16:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/05/21 06:53:28 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/05/17 19:43:42 | 000,045,384 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2012/01/13 10:08:24 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/01/13 10:07:32 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011/08/03 11:57:20 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/08/03 11:57:20 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/08/03 11:57:20 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/24 03:48:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011/03/24 03:48:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011/01/13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/01/13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/08/30 20:15:54 | 000,247,808 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/08/24 15:31:07 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010/08/24 15:31:06 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/08/24 15:31:06 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010/08/02 16:42:44 | 000,111,192 | ---- | M] (Deterministic Networks, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dnelwf.sys -- (DNE)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010/02/27 08:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/21 06:14:48 | 000,485,944 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/12/10 02:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/11/02 18:43:16 | 000,129,304 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vna.sys -- (VNA)
DRV - [2009/10/27 01:53:16 | 000,126,080 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2009/10/26 07:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/10/05 06:05:56 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/28 07:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/17 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://sso.******.com/authent/authent_form.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC DE 47 C0 15 47 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B32C20FF-2324-4BCC-B0C3-56B5EA1A7212}: "URL" = hxxp://www.google.de/search?q=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_197.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\******\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\******\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/20 18:17:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/20 18:17:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/20 23:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2013/03/22 16:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\ffld4oo5.default\extensions
[2013/04/20 18:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/20 18:17:12 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/04/20 18:17:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/20 18:17:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/20 18:17:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/04/20 18:17:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/04/20 18:17:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/04/20 18:17:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\******\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\******\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Capexpenses\jre\jre6_14-b08\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe (Autonomy Corporation plc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\0jmlje.dat (Microsoft Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = C:\Program Files\Yammer\Yammer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: bcdtravel-portal.net ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: ******.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ******.de ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: sdm.de ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: skillwsa.com ([cgcontent] https in Local intranet)
O15 - HKLM\..Trusted Domains: sumtotalsystems.com ([******] https in Local intranet)
O15 - HKCU\..Trusted Domains: libri.biz ([mayersche] * in Trusted sites)
O15 - HKCU\..Trusted Domains: mercateo.com ([www] * in Trusted sites)
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://sslgw1.beiersdorfgroup.com/CSHELL/extender.cab (SlimClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.150.97 194.145.226.26 10.44.24.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.******.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66DE07F5-59E8-4DAB-AE13-3F68856E3D1E}: DhcpNameServer = 217.237.150.97 194.145.226.26 10.44.24.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB412C7A-0B3D-4464-BB51-5C2564CA9CF8}: DhcpNameServer = 205.223.229.84 205.223.229.9
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52585696-3f2c-11e2-bf01-cc52af4d54db}\Shell - "" = AutoRun
O33 - MountPoints2\{52585696-3f2c-11e2-bf01-cc52af4d54db}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/14 22:56:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013/05/14 22:16:12 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\0jmlje.dat
[2013/05/14 22:16:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/14 22:16:10 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Users\******\1508452.dll
[2013/04/20 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/14 22:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2013/05/14 22:54:01 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe
[2013/05/14 22:50:15 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/14 22:50:14 | 2305,560,576 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/14 22:48:56 | 000,012,400 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 22:48:56 | 000,012,400 | -H-- | M] () -- C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 22:46:33 | 000,000,463 | ---- | M] () -- C:\WINDOWS\SMSCFG.INI
[2013/05/14 22:44:14 | 095,023,320 | ---- | M] () -- C:\ProgramData\ejlmj0.pad
[2013/05/14 22:44:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/14 22:42:25 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/05/14 22:16:18 | 000,001,039 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
[2013/05/14 21:55:58 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727UA.job
[2013/05/14 21:55:58 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/14 18:10:28 | 000,003,134 | RHS- | M] () -- C:\Users\******\ntuser.pol
[2013/05/14 18:10:18 | 000,065,871 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/05/14 16:43:00 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1531082355-734649621-3782574898-1190727Core.job
[2013/05/13 14:31:56 | 000,001,832 | ---- | M] () -- C:\Users\******\AppData\Local\SLC_******.prx
[2013/05/09 11:53:51 | 000,000,939 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk
[2013/05/08 08:30:45 | 000,620,584 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/08 08:30:45 | 000,109,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/24 09:24:20 | 000,087,975 | ---- | M] () -- C:\Users\******\Desktop\Bestätigung Bären Zarten.pdf
[2013/04/18 15:12:22 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Connected BackupPC.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/14 22:53:59 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe
[2013/05/14 22:42:25 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/05/14 22:16:18 | 000,001,039 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk [2013/05/14 22:16:15 | 095,023,320 | ---- | C] () -- C:\ProgramData\ejlmj0.pad [2013/04/24 09:24:19 | 000,087,975 | ---- | C] () -- C:\Users\******\Desktop\Bestätigung Bären Zarten.pdf [2013/04/05 17:20:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\BSD [2013/04/05 17:20:45 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Audio Units [2013/04/05 17:20:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Calibrators [2013/04/05 17:19:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\AccountTypes [2013/03/09 17:05:13 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automatic Filter [2013/03/09 17:05:13 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Audio [2013/03/09 17:05:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2013/03/09 17:05:13 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bundle [2013/03/09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automator [2013/03/09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Authentication [2013/03/09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Audio Unit Effect [2013/03/09 17:04:20 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Applications [2013/03/09 17:04:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2013/03/09 17:04:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2013/03/09 17:04:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\CMMs [2013/03/09 17:02:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeu.DAT [2013/03/09 17:01:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Brother [2013/03/09 17:01:55 | 000,000,268 | RH-- | C] () -- C:\Users\******\AppData\Roaming\Bass Reduction [2013/03/09 17:01:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT [2013/03/09 17:01:55 | 000,000,012 | RH-- | C] () -- 
C:\ProgramData\Configure Folder Actions [2013/02/07 17:28:06 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012/11/02 10:36:35 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini [2012/05/26 09:34:10 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\PrintBrmUi.exe [2011/12/24 22:15:00 | 008,414,449 | ---- | C] () -- C:\Users\******\Kalimba.mp3 [2011/11/04 14:03:26 | 000,038,274 | ---- | C] () -- C:\Users\******\AppData\Roaming\Microsoft Access 97-2003.ADR [2011/10/20 21:46:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011/10/20 21:46:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2011/10/19 20:33:09 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll [2011/10/19 20:33:09 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll [2011/10/19 20:33:09 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll [2011/10/19 20:33:09 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll [2011/10/19 20:33:08 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll [2011/10/12 08:40:06 | 000,001,832 | ---- | C] () -- C:\Users\******\AppData\Local\SLC_******.prx [2011/10/09 16:06:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll [2011/09/27 10:16:57 | 000,003,134 | RHS- | C] () -- C:\Users\******\ntuser.pol [2011/09/19 11:46:33 | 000,065,871 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/09/19 11:09:05 | 000,000,463 | ---- | C] () -- C:\WINDOWS\SMSCFG.INI [2011/09/19 11:01:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\iglhsip32.dll [2011/09/19 11:01:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\iglhcp32.dll [2011/09/19 11:01:41 | 000,870,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin [2011/09/19 11:01:39 | 000,104,796 | ---- | C] () -- C:\WINDOWS\System32\igfcg575m.bin [2011/09/19 11:01:39 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2011/09/19 11:01:33 | 000,127,868 | ---- | C] () -- 
C:\WINDOWS\System32\igcompkrng575.bin [2011/09/19 11:01:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2011/09/19 10:58:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/11/08 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Audacity [2011/12/31 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FreeCommander [2012/04/21 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia [2012/04/21 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Nokia Suite [2012/04/21 15:17:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PC Suite [2011/09/19 11:16:42 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\PwrMgr [2011/11/14 06:27:46 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Research In Motion [2013/05/13 14:32:10 | 000,000,000 | ---D | M] -- 
C:\Users\******\AppData\Roaming\SAP [2012/12/07 11:04:33 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\webex [2011/11/09 12:46:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Yammer ========== Purity Check ========== < End of report >

Hello again... here is the Extras.txt file as well: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 5/14/2013 10:56:54 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\******\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 2.86 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 81.75% Memory free 5.72 Gb Paging File | 5.24 Gb Available in Paging File | 91.47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.09 Gb Total Space | 223.93 Gb Free Space | 75.12% Space Free | Partition Type: NTFS Computer Name: CE05278 | User Name: ****** | NOT logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] "PolicyVersion" = 522 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "DefaultInboundAction" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules] "WMI-ASYNC-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251| "WMI-WINMGMT-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251| "WMI-RPCSS-In-TCP-NoScope" = 
v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251| "FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502| "FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| "FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| "FPS-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502| "FPS-SpoolSvc-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502| "FPS-NB_Datagram-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502| "FPS-NB_Name-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502| "FPS-SMB-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502| "FPS-NB_Session-In-TCP-NoScope" = 
v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502| "{09F5B492-B063-4B93-8EBD-38D4743435FD}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2701|LPort=2702|LPort=135|Name=SCCM Remote Tools Ports: 2701, 2702, 135 TCP| "{B483CEAD-A6E5-42B0-A8D4-D802CCA932EA}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=2701|LPort=2702|Name=SCCM Remote Tools Ports: 2701, 2702 UDP| "{01E18610-24E5-40A6-9703-35F80723C770}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=80|Name=HTTP Port 80 TCP| "{8AF05D1E-3B7A-422B-9C20-21510E74B651}" = v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=443|Name=HTTPS Port 443 TCP| "RemoteSvcAdmin-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502| "RemoteSvcAdmin-NP-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502| "RemoteSvcAdmin-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502| "{51B4D0A8-126E-45B8-9C80-3E6B40E1C1F4}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2701|LPort=2702|Name=ITICS - Configuration Manager Remote Control (TCP-In)| "{D56B5CE0-9E71-45DA-8863-6529B1062D42}" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=2701|LPort=2702|Name=ITICS - Configuration Manager Remote Control (UDP-In)| "RemoteDesktop-In-TCP" = 
v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752| [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile] "EnableFirewall" = 1 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile] "EnableFirewall" = 1 "DefaultInboundAction" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{032EA77E-FDD3-4D99-912D-E668F84D5ED7}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{0400E566-AEDD-42A8-B9AB-B560AC5458BC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{0B0AB6DD-6214-4853-B739-9B176C3992C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{12163AB1-1042-41F0-9F50-A7F53348234B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{36007D0F-F750-4FDC-AB7C-7B093B6317CB}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{44F0B3BE-3799-4D83-B546-924A80758F71}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync 
discovery | "{487FB238-C88D-400F-98C1-E133160F8A0D}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{629D089E-403C-47CC-9A15-11C8B556548C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{658A0A81-960D-48F8-845A-78481E021A99}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{70D5CA81-12D7-49D7-BA24-5F41A58AB3BD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{87AD4968-D917-4AC6-ACA9-C014D88D83BE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8A356BD9-9115-4DDF-AEC1-2546C3F18D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{91D5D309-D666-463F-B0E5-B0A9D8B859C7}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{93C47987-99F2-4293-A19D-F514E6340D72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A50E08C3-D14B-4B7C-AD56-B9462D2BEA5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CE750F66-85C9-496A-BB76-235E602E0666}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E49BD542-BA91-492F-878D-DC1EC697445C}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{E5A6B54D-5E5C-424C-9858-18B59F1B872D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F565E8DB-8CDE-4352-AEA4-E6D377EDAAB6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{09EC91EF-05C1-429D-9E0F-5BDE74EF97A1}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{0B9884B8-74AA-4C4D-9E9C-1083C6D487C2}" = protocol=17 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe | "{167FBD7F-E857-4015-900D-0C4BF8E788BA}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe | "{1F82AD68-3493-42A0-B7EC-91A62816D049}" = protocol=17 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe | "{2F6BE8DF-FBEA-47EE-9F48-0777A5E32E42}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{36E53F1F-51D4-4ED2-9071-CF5D41B74D26}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3908232F-E3B5-424B-8013-60AD2BEA1147}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe | "{3F013A5D-1C5A-41F0-86A1-4F2083DD4CA1}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe | "{45031986-F702-46E1-A447-6F9FDC144042}" = dir=in | app=c:\program files\itunes\itunes.exe | "{4AA06FE1-ABA1-4555-8503-4B260ABEABFF}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{4CC5BE61-2949-469F-9518-CADE18B2B377}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{57D6E9CD-ABE5-4EA5-9993-4711B546B665}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe | "{5B3FE120-F8DE-4EF9-A9D7-D825416890C2}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{5BC87ADC-0488-4E6B-BF61-E0797F731C82}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5C3588C1-ABA1-4481-969D-59ED66D98D3C}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{5D566964-0A4B-4889-BAA9-4B41505E021D}" = protocol=6 | dir=in | app=c:\program files\research 
in motion\blackberry desktop\rim.desktop.exe | "{5D8613BD-DE97-4C09-BE41-317610338DFE}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | "{5EFAE97E-C7B8-4645-B6E5-F3C44CD81BCD}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe | "{5FA72524-9CAD-4C1F-8B21-C3F92DB5D680}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe | "{630D2D0A-EDCB-4C64-975B-182BE686226E}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe | "{64C04D5D-D0EE-4E4B-A373-9CEA85BC3BC6}" = protocol=6 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe | "{6DE140B1-313C-4E92-B5E4-35E5B036FF7E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{6F16A36F-0321-4A5F-B3B2-41996C208225}" = dir=in | app=c:\program files\checkpoint\ssl network extender\slimsvc.exe | "{75A64427-DBD7-4C00-8D5D-4DEAC027AA57}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{80F8F348-A87A-468B-AD18-1447AD44D545}" = protocol=6 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe | "{8671EA06-1CF3-4F03-B3DB-5BCECC316D26}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "{86DE013C-8E54-4D7E-9D71-BD1F15FB7931}" = protocol=17 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe | "{8D68A0DE-40AD-44BC-8325-77149FFE783B}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe | "{94AB952C-5831-4D60-A7DF-E26C8B88FE68}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | "{A403430A-4A7E-4CC1-AD84-46559E77600E}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe | "{A8D3E784-0264-472D-9232-E3DE9EB151B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office 
communicator\communicator.exe | "{B0C5ABE8-578C-4820-B126-15A0D07D8938}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe | "{B1D83057-C77C-408C-8DDB-A320719B1013}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{BE71E780-EB36-49C7-A30D-23E5300F2A9B}" = protocol=6 | dir=in | app=c:\program files\iron mountain\connected backuppc\agent.exe | "{BFED75E7-14DF-4108-B887-B73591119EEE}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | "{C1659CB1-073A-40AD-B12C-1BCEF8561680}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{C3D1BF0E-7AC3-4B52-918E-1120C91B228B}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe | "{C6CF85A0-0690-45D8-8E65-2891EE9F0F7D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | "{DEF5A49A-69AF-4C41-ABE5-18280DCB2070}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | "{E38DFBC9-FB14-47F5-8987-6F22FC9384CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | "{F24D8945-BC9F-43CA-BBD4-536D15795174}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | "{F581CF35-A36A-4B2A-8542-7D1EDC219F67}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{52C96806-0824-4597-82BA-FC62F80E83C8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{600AD822-5E9A-4FB2-977A-B55BE8625E43}C:\program files\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe | "TCP Query User{75F833AC-F0D2-4BD4-8BB9-CAB003022839}C:\program files\internet 
explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{BE0FD395-2829-446C-9163-DA390A75E979}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{DB92465B-D35D-4198-BE0E-62846CEE4153}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "TCP Query User{ED2C8A29-45CB-4638-90EF-34D4B9636703}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | "UDP Query User{483A06B3-0473-493B-B8D3-0401F26910C3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{54A371FB-5213-4780-95F1-AC0D27B59804}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{5DFA13BF-BF26-4856-B0AB-EB977414FF25}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | "UDP Query User{990334A0-611E-4544-9786-4513D211F481}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "UDP Query User{D779D4E2-20DB-4DAB-975A-19B74C990D7F}C:\program files\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe | "UDP Query User{D7E3C2B8-2DA2-4E71-8F34-62B1A182DABD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on "{0009FEDA-0005-0409-0000-1111CAB70015}" = CE Templates & Tools 7.5.2 "{0009FEDA-0007-0409-0000-1111CAB70015}" = CE Templates & Tools "{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver "{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2 "{10114C8C-0409-0001-2011-CABE8BEFC0FE}" = Capexpenses_Core_V1.0 "{1011ABB1-0409-0005-2012-CABE8BEFABB1}" = Capexpenses Classic 2.0 "{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express "{13BEAC7C-69C1-4A9E-89A3-D5F311DE2B69}" = Microsoft Conferencing Add-in for Microsoft Office Outlook "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{17FA7788-DA17-41EB-912C-FEB4FE0221E9}_is1" = ******** Maps Template for PowerPoint 2007 7.03 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2F5436B3-188E-4C95-9ECF-3AF1D6488657}" = Ghostscript "{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = Connected Backup/PC Agent "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® 
Turbo-Boost-Technik "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5192F4D1-5173-4450-84AD-EAF6C695A86A}" = Internet Explorer "{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor "{5E2E4797-502A-4FFD-81EC-F9BA8BF0C581}" = Symantec Endpoint Protection "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{78401D0D-DD35-46F1-9539-E44566DDACBF}" = DNE Update "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}" = BlackBerry Desktop Software 7.1 "{85BE320B-A37D-42DA-B9BE-20A40B6A05E3}" = Cisco AnyConnect Secure Mobility Client "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BA33573-9E98-4971-84E9-BC9AA2EB0600}_is1" = ******** Flags Template for PowerPoint 2007 7.03 "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007 "{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = 
Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_Access_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) 
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90a40bf2-b776-4d93-9ef4-7b6ec74ba072}" = Check Point SSL Network Extender "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud "{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007 "{972E6F25-7FFF-454A-B320-AD3579E00E53}" = CGShortcuts "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86) "{A81EB5BC-F764-308A-B979-0F8F078DAB29}" = Yammer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B2817391-97C2-4A88-A952-14920594BD62}" = Short Movie Creator "{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution "{BB26BFF5-5BB1-43D1-8D04-83A536D2EDD9}" = ExplorerSettings "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86) "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) "7-Zip" = 7-Zip 4.65 "Access" = Microsoft Office Access 2007 "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1 "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2 "FreeCommander_is1" = FreeCommander 2009.02b "FreePDF_XP" = FreePDF (Remove only) "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "internal_ss-1280x1024-sta_loc_pla" = internal_ss-1280x1024-sta_loc_pla Screen Saver "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nokia Suite" = Nokia Suite "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "OnScreenDisplay" = On Screen Display "Power Management Driver" = ThinkPad Power Management Driver "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SAP_JNet" = SAP JNet "SAP_NwBC" = SAP Netweaver Business Client 3.0 "SAP_WUS" = SAPSetup Automatic Workstation Update Service "SAPBI" = SAP Business Explorer "SAPConsole" = SAP Console 7.10 "SAPGUI710" = SAP GUI for 
Windows 7.20 "SAPPdfPrint" = SAP PDFPRINT "SAPSPrint" = SAP Print Service "STANDARD" = Microsoft Office Standard 2007 "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "VLC media player" = VLC media player 2.0.5 "Yammer" = Yammer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ARIS Express 2.3" = ARIS Express 2.3 "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.05.2013 16:36:21 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.05.2013 16:36:21 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9484 Error - 14.05.2013 16:36:21 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9484 Error - 14.05.2013 16:36:22 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.05.2013 16:36:22 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10764 Error - 14.05.2013 16:36:22 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10764 Error - 14.05.2013 16:36:23 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.05.2013 16:36:23 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11856 
Error - 14.05.2013 16:36:23 | Computer Name = CE05278.corp.********.com | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11856 Error - 14.05.2013 16:46:21 | Computer Name = CE05278.corp.********.com | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Malscript in File: C:\ProgramData\ejlmj0.js by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully. [ Cisco AnyConnect Secure Mobility Client Events ] Error - 03.05.2013 08:38:23 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE Error - 03.05.2013 08:38:23 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp Line: 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing connection was forcibly closed by the remote host. 
Error - 03.05.2013 08:38:23 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CCvcConfig::CCvcConfig File: .\vpnconfig.cpp Line: 553 Invoked Function: CCvcConfig::readConfigParamFromFile Return Code: -33030135 (0xFE080009) Description: CVCCONFIG_ERROR_UNEXPECTED Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::connectTransport File: .\IPC\SocketTransport.cpp Line: 732 Invoked Function: ::WSAConnect Return Code: 10051 (0x00002743) Description: A socket operation was attempted to an unreachable network. 
Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CDNSRequest::performDNSRequest File: .\IP\DNSRequest.cpp Line: 395 Invoked Function: CUdpTransport::connectTransport Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CDNSRequest::Query File: .\IP\DNSRequest.cpp Line: 306 Invoked Function: CDNSRequest::performDNSRequest Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 801 Invoked Function: DNSRequest::Query Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT Error - 03.05.2013 13:38:33 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 193 Invoked Function: CNetEnvironment::testNetwork Return Code: -31522804 (0xFE1F000C) Description: SOCKETTRANSPORT_ERROR_CONNECT Error - 03.05.2013 13:38:44 | Computer Name = CE05278.corp.********.com | Source = acvpnagent | ID = 67108866 Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp Line: 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D) Description: DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 53.254.11.194.in-addr.arpa via DNS server 192.168.0.1 [ Media Center Events ] Error - 18.03.2013 05:36:03 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0 Description = 10:35:42 - Failed to retrieve MCEClientUX (Error: Unable to connect to the remote server) Error - 18.03.2013 05:36:27 | Computer Name = CE05278.corp.********.com | Source 
= MCUpdate | ID = 0 Description = 10:36:24 - Failed to retrieve Broadband (Error: Unable to connect to the remote server) Error - 27.03.2013 06:19:12 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0 Description = 11:19:12 - Failed to retrieve Directory (Error: Unable to connect to the remote server) Error - 27.03.2013 06:20:15 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0 Description = 11:19:54 - Failed to retrieve MCESpotlight (Error: Unable to connect to the remote server) Error - 27.03.2013 06:20:57 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0 Description = 11:20:36 - Failed to retrieve MCEClientUX (Error: Unable to connect to the remote server) Error - 27.03.2013 06:21:22 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0 Description = 11:21:18 - Failed to retrieve Broadband (Error: Unable to connect to the remote server) Error - 02.04.2013 05:40:36 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0 Description = 11:40:35 - Failed to retrieve Directory (Error: Unable to connect to the remote server) Error - 02.04.2013 05:41:39 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0 Description = 11:41:18 - Failed to retrieve MCESpotlight (Error: Unable to connect to the remote server) Error - 02.04.2013 05:42:21 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0 Description = 11:42:00 - Failed to retrieve MCEClientUX (Error: Unable to connect to the remote server) Error - 02.04.2013 05:42:49 | Computer Name = CE05278.corp.********.com | Source = MCUpdate | ID = 0 Description = 11:42:42 - Failed to retrieve Broadband (Error: Unable to connect to the remote server) [ OSession Events ] Error - 02.05.2012 05:52:33 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 
12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1685 seconds with 720 seconds of active time. This session ended with a crash. Error - 27.06.2012 10:17:54 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7225 seconds with 360 seconds of active time. This session ended with a crash. Error - 12.09.2012 09:54:22 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 419 seconds with 300 seconds of active time. This session ended with a crash. Error - 12.09.2012 13:04:45 | Computer Name = CE05278.corp.********.com | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 12174 seconds with 1620 seconds of active time. This session ended with a crash. [ System Events ] Error - 14.05.2013 16:46:44 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10016 Description = Error - 14.05.2013 16:49:56 | Computer Name = CE05278.corp.********.com | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. Error - 14.05.2013 16:50:15 | Computer Name = CE05278.corp.********.com | Source = EventLog | ID = 6008 Description = The previous system shutdown at 22:49:23 on ?14.?05.?2013 was unexpected. 
Error - 14.05.2013 16:50:20 | Computer Name = CE05278.corp.********.com | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain CORP due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 14.05.2013 16:50:20 | Computer Name = CE05278.corp.********.com | Source = Service Control Manager | ID = 7001 Description = The SAPSprint service depends on the Print Spooler service which failed to start because of the following error: %%1068 Error - 14.05.2013 16:50:21 | Computer Name = CE05278.corp.********.com | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: discache eeCtrl lenovo.smi SPBBCDrv spldr SRTSP SRTSPX SYMTDI TPPWRIF Wanarpv6 Error - 14.05.2013 16:50:39 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005 Description = Error - 14.05.2013 16:51:01 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005 Description = Error - 14.05.2013 16:51:02 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005 Description = Error - 14.05.2013 16:51:03 | Computer Name = CE05278.corp.********.com | Source = DCOM | ID = 10005 Description = < End of report > |
14.05.2013, 23:00 | #6 |
/// Malware-holic | Caught a GVU trojan... Hi, OTL fix: Fixing with OTL
Code:
:OTL
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\0jmlje.dat (Microsoft Corporation)
[2013/05/14 22:16:12 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\0jmlje.dat
[2013/05/14 22:16:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/14 22:16:10 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Users\******\1508452.dll
[2013/05/14 22:44:14 | 095,023,320 | ---- | M] () -- C:\ProgramData\ejlmj0.pad
[2013/05/14 22:16:18 | 000,001,039 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
:files
:Commands
[emptytemp]
Start in normal mode. If you have no icons, right-click, View, Show desktop icons. Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key. |
14.05.2013, 23:06 | #7 |
| Caught a GVU trojan... OK, the restart is pending and I'll be gone for a moment. Afterwards I'll post the contents of the file mentioned. See you shortly, S2k13 |
14.05.2013, 23:08 | #8 |
/// Malware-holic | Caught a GVU trojan... and the upload; you can leave out such in-between posts though :d |
14.05.2013, 23:16 | #9 |
| Caught a GVU trojan... Hello, here is the content of the file:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
C:\ProgramData\0jmlje.dat moved successfully.
File C:\ProgramData\0jmlje.dat not found.
C:\ProgramData\rundll32.exe moved successfully.
File C:\Users\******\1508452.dll not found.
C:\ProgramData\ejlmj0.pad moved successfully.
C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 902623 bytes
->Flash cache emptied: 57472 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: ******
->Temp folder emptied: 515729823 bytes
->Temporary Internet Files folder emptied: 79544816 bytes
->Java cache emptied: 164293389 bytes
->FireFox cache emptied: 112444198 bytes
->Google Chrome cache emptied: 405889500 bytes
->Apple Safari cache emptied: 45069312 bytes
->Flash cache emptied: 57983 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133758081 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6711886567 bytes
Total Files Cleaned = 7,791.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05152013_000308
Files\Folders moved on Reboot...
File\Folder C:\Users\******\AppData\Local\Temp\~DF1093D3A25D7AB203.TMP not found!
File\Folder C:\Users\******\AppData\Local\Temp\~DF3B550A7803C60A4F.TMP not found!
File\Folder C:\Users\******\AppData\Local\Temp\~DF402F512C8993E1F6.TMP not found!
File\Folder C:\Users\******\AppData\Local\Temp\~DF5F32D82E020CDF60.TMP not found!
File\Folder C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\58V9DXTF\ads[2].htm not found!
File\Folder C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CFAF0O4\134958-gvu-trojaner-eingefangen[2].html not found!
File\Folder C:\Users\******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CFAF0O4\ads[4].htm not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I have one more question... If I pack the MovedFiles directory into a zip archive and then upload it, it still contains personal information. Is that how it's supposed to be? I would like to avoid that... Best regards, S2k13 |
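Added example (not part of the thread and not an OTL feature): a Python script that reconciles the targets of the fix script in post #6 with the result log in post #9, so that every item is accounted for. It assumes, based on the log above, that an O4 line makes OTL delete the Run value and also move the referenced file; the function names are hypothetical.

```python
import re

# Fix script (post #6) and result log (post #9) as posted in the thread;
# the user name is masked with ****** exactly as on the page.
FIX_SCRIPT = r"""
:OTL
O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\0jmlje.dat (Microsoft Corporation)
[2013/05/14 22:16:12 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\0jmlje.dat
[2013/05/14 22:16:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/05/14 22:16:10 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Users\******\1508452.dll
[2013/05/14 22:44:14 | 095,023,320 | ---- | M] () -- C:\ProgramData\ejlmj0.pad
[2013/05/14 22:16:18 | 000,001,039 | ---- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
:files
:Commands
[emptytemp]
"""
RESULT_LOG = r"""
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
C:\ProgramData\0jmlje.dat moved successfully.
File C:\ProgramData\0jmlje.dat not found.
C:\ProgramData\rundll32.exe moved successfully.
File C:\Users\******\1508452.dll not found.
C:\ProgramData\ejlmj0.pad moved successfully.
C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
"""

# "O4 - <key>: [<value name>] <file> (<vendor>)" -> one registry value plus one file
O4_LINE = re.compile(r"^O4 - \S+: \[(?P<value>[^\]]+)\] (?P<path>.+?)(?: \([^)]*\))?$")
# "[date | size | attrs | C/M] (<vendor>) -- <file>" -> one file
FILE_LINE = re.compile(r"^\[[^\]]*\] \([^)]*\) -- (?P<path>.+)$")
# (target kind, status, pattern); order matters because the last pattern is broad
RESULT_PATTERNS = [
    ("file", "not_found", re.compile(r"^File (?P<item>.+) not found\.$")),
    ("registry", "removed", re.compile(r"^Registry value (?P<item>.+) deleted successfully\.$")),
    ("file", "removed", re.compile(r"^(?P<item>.+) moved successfully\.$")),
]


def parse_targets(fix_script):
    """Return (kind, name) for everything listed under :OTL, in script order."""
    targets, in_otl = [], False
    for line in (raw.strip() for raw in fix_script.splitlines()):
        if line.startswith(":"):
            in_otl = line.lower() == ":otl"
            continue
        if not in_otl or not line:
            continue
        m = O4_LINE.match(line)
        if m:
            targets += [("registry", m["value"]), ("file", m["path"])]
            continue
        m = FILE_LINE.match(line)
        if m:
            targets.append(("file", m["path"]))
    return list(dict.fromkeys(targets))  # drop duplicates, keep order


def parse_outcomes(result_log):
    """Return (kind, status, lower-cased item) for each recognised log line."""
    outcomes = []
    for line in (raw.strip() for raw in result_log.splitlines()):
        for kind, status, pattern in RESULT_PATTERNS:
            m = pattern.match(line)
            if m:
                outcomes.append((kind, status, m["item"].lower()))
                break
    return outcomes


def reconcile(fix_script, result_log):
    """Map each target to 'removed', 'not_found' or 'unreported'."""
    outcomes = parse_outcomes(result_log)
    report = {}
    for kind, name in parse_targets(fix_script):
        key = name.lower()  # Windows paths and value names are case-insensitive
        if kind == "registry":
            # the log prints the full key path; match on the trailing value name
            seen = [s for k, s, i in outcomes if k == kind and i.endswith("\\" + key)]
        else:
            seen = [s for k, s, i in outcomes if k == kind and i == key]
        if "removed" in seen:
            report[f"{kind}:{name}"] = "removed"
        else:
            report[f"{kind}:{name}"] = "not_found" if seen else "unreported"
    return report


def needs_follow_up(report):
    """Targets that were never moved or deleted by the fix run."""
    return [target for target, status in report.items() if status != "removed"]


if __name__ == "__main__":
    for target, status in reconcile(FIX_SCRIPT, RESULT_LOG).items():
        print(f"{status:10} {target}")
```

On the thread's data the only target left for follow-up is 1508452.dll, which the log reports as "not found" without any earlier "moved" line. 0jmlje.dat also has a "not found" line, but only after its own "moved successfully" line.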
14.05.2013, 23:21 | #10 |
/// Malware-holic | Caught a GVU trojan... only I see those, and then I delete them |
14.05.2013, 23:27 | #11 |
| Caught a GVU trojan... Hi, unfortunately the link doesn't work. Message: "Internet Explorer cannot display the webpage"... Is there an alternative? Regards, S2k13 |
14.05.2013, 23:27 | #12 |
/// Malware-holic | Caught a GVU trojan... yes, somehow it isn't working right now. File-Upload.net - Ihr kostenloser File Hoster! Upload it there, and send the download and deletion links to me as a private message |
14.05.2013, 23:30 | #13 |
/// Malware-holic | Caught a GVU trojan... The upload channel is working again too |
14.05.2013, 23:32 | #14 |
| Caught a GVU trojan... Hello, the PM has just been sent. Is the PC completely clean again now? Is there anything else to keep in mind in order to surf safely in future? Thanks in advance. Regards, S2k13 |
14.05.2013, 23:32 | #15 |
/// Malware-holic | Caught a GVU trojan... downloaded and deleted, thx. Please download TDSSKiller.exe and save this file to the desktop |