Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundespolizei Trojaner: Systemwiederherstellung durchgeführt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 19.09.2012, 21:31   #31
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



nachdem ich in OTL den CleanUp Button gedrückt habe und ein Neustart durchgeführt habe wird mein Desktophintergrund nicht mehr angezeigt und keine Bilder werden mehr in der Vorschau gezeigt... Ich hab absolut keine Ahnung welche einstellung hier geändert wurde und ob diese Änderungen die Einzigen waren.

Hier ein Screen, in dem Ordner polyball müssten Vorschauen von Bilder zu sehen sein:

-desktop.jpg

Ich habe vorgängig noch ein update von itunes und iCloud gemacht falls das einen Einfluss haben könnte.

Geändert von Schwizer (19.09.2012 um 21:42 Uhr)

Alt 20.09.2012, 06:53   #32
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Starte nochmal neu. Immer noch?
__________________

__________________

Alt 20.09.2012, 09:35   #33
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Auch nach dem neustarten.

Ich hatte solche Freude, dass der Rechner vor dem letzten Schritt viel schneller war. So war auch die Aufstarten Phase viel kürzer. Jetzt ist er wieder recht langsam

Da ich Apple aktualisiert hatte, habe ich mal alle Programme von Apple deinstalliert, aber auch das hat nichts gebracht
__________________

Alt 20.09.2012, 09:42   #34
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Lade OTl bitte neu und lass es laufen, poste die Logfiles.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.09.2012, 09:55   #35
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



OTL Logfile:

Code:
ATTFilter
OTL logfile created on: 20.09.2012 10:44:34 - Run 1
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\bouni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 49.11% Memory free
6.19 Gb Paging File | 4.68 Gb Available in Paging File | 75.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.54 Gb Total Space | 66.48 Gb Free Space | 23.20% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.27 Gb Free Space | 11.04% Space Free | Partition Type: NTFS
 
Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.20 10:43:53 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
PRC - [2012.09.10 10:46:33 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.02.17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe
PRC - [2008.10.26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.07.14 19:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe
PRC - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe
PRC - [2008.06.19 13:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.06.19 13:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) -- C:\Programme\WinZip\WZQKPICK.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.10 10:46:02 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 03:44:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 03:40:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:40:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 03:40:13 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 03:39:16 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.12 18:29:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 15:13:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 15:12:28 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.11 15:12:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 15:11:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 15:11:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 15:10:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.10.17 20:35:51 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.12.21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\Shared files\richvideops.dll
MOD - [2008.06.19 13:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.10 10:46:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe -- (STacSV)
SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.03.23 15:15:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.10.26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.19 22:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.16 10:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7E82651D-3339-4882-9925-8DEA2110B4C1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uzh.ch:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.ch/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "proxy.uzh.ch"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\bouni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\bouni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.07.31 21:30:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.19 22:46:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.19 22:46:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.19 22:46:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.19 22:46:09 | 000,000,000 | ---D | M]
 
[2011.08.06 18:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions
[2009.07.05 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.09.19 20:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions
[2012.08.24 11:53:52 | 000,005,143 | ---- | M] () (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\extensions\50374ef51ab48@50374ef51ab81.info.xpi
[2012.09.10 09:09:33 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-1.xml
[2010.06.24 11:16:05 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-10.xml
[2010.06.30 22:21:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-11.xml
[2010.07.23 14:49:29 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-12.xml
[2010.07.31 12:55:31 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-13.xml
[2010.09.14 23:23:27 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-14.xml
[2010.09.15 00:34:48 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-15.xml
[2010.10.19 00:14:40 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-16.xml
[2010.10.26 20:41:07 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-17.xml
[2010.11.03 15:44:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-18.xml
[2009.10.27 02:04:43 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-2.xml
[2009.10.31 14:52:58 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-3.xml
[2009.10.31 20:24:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-4.xml
[2009.12.17 15:08:15 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-5.xml
[2010.01.09 03:13:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-6.xml
[2010.02.22 13:36:01 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-7.xml
[2010.02.22 23:09:26 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-8.xml
[2010.04.08 16:29:00 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-9.xml
[2009.09.17 14:30:04 | 000,000,944 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin.xml
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.09.04 20:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.10 10:46:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:57:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 00:29:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 18:57:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 18:57:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 18:57:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 18:57:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.18 16:14:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ABEAFE-2C63-4028-92C1-6054469D099F}: DhcpNameServer = 138.188.101.189 138.188.101.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6DB7DB-9D69-4D6A-A380-042076FFC470}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17B5496-B4DD-41C3-A52E-F53B3BB08079}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\bouni\Pictures\001\DSC_0014.JPG
O24 - Desktop BackupWallPaper: C:\Users\bouni\Pictures\001\DSC_0014.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.20 10:43:50 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.19 22:15:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.19 22:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.19 22:04:43 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.09.19 12:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.18 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\bouni\Documents\EatNow
[2012.09.18 16:38:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012.09.18 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.09.18 15:56:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D}
[2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738}
[2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3}
[2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF}
[2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5}
[2012.09.13 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Roaming\Malwarebytes
[2012.09.13 16:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.13 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.13 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.13 15:35:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494}
[2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D}
[2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E}
[2012.09.10 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F}
[2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84}
[2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9}
[2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17}
[2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C}
[2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24}
[2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80}
[2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.20 10:48:22 | 000,000,441 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.09.20 10:43:53 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.20 10:28:57 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.20 10:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 10:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 10:26:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.20 10:26:07 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.20 03:17:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.20 02:49:01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
[2012.09.19 23:49:04 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
[2012.09.19 23:27:41 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\Port Royale 3.lnk
[2012.09.19 22:49:05 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.19 22:40:50 | 000,088,994 | ---- | M] () -- C:\Users\bouni\Desktop\Desktop.JPG
[2012.09.19 22:25:38 | 000,007,592 | ---- | M] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2012.09.19 22:15:30 | 000,392,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.18 22:06:48 | 335,088,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.18 17:32:31 | 000,149,504 | ---- | M] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.18 16:34:44 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.18 16:34:26 | 000,673,660 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.09.18 16:34:26 | 000,667,136 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012.09.18 16:34:26 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.18 16:34:26 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.18 16:34:26 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.18 16:34:26 | 000,127,890 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.09.18 16:34:26 | 000,124,732 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012.09.18 16:34:26 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.18 16:14:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.17 16:00:25 | 000,000,176 | ---- | M] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 16:23:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.09.19 22:28:08 | 000,088,994 | ---- | C] () -- C:\Users\bouni\Desktop\Desktop.JPG
[2012.09.18 21:46:20 | 3218,284,544 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.18 16:34:35 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.09.17 15:59:59 | 000,000,176 | ---- | C] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 15:35:35 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.03 16:28:48 | 000,000,043 | ---- | C] () -- C:\Users\bouni\gsview32.ini
[2010.05.10 14:58:09 | 003,649,774 | ---- | C] () -- C:\Users\bouni\AppData\Local\tmp031.JPG
[2010.03.15 22:28:33 | 000,023,552 | ---- | C] () -- C:\Users\bouni\AppData\Local\WebpageIcons.db
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Chorus
[2010.03.01 20:10:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.03.01 20:10:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Classic Thick
[2010.03.01 20:10:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2010.03.01 20:07:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Trance Pad
[2010.03.01 19:56:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Themes
[2010.03.01 19:53:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009.10.09 07:13:49 | 000,000,331 | ---- | C] () -- C:\Users\bouni\Zuletzt besuchte Orte - Verknüpfung.lnk
[2009.05.24 23:57:44 | 000,007,592 | ---- | C] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2009.04.19 20:06:29 | 000,149,504 | ---- | C] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.15 17:34:37 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.04.15 17:31:02 | 000,000,020 | ---- | C] () -- C:\Users\bouni\ho.dir
[2009.04.15 17:21:04 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite
[2009.04.15 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DigitalPersona
[2012.09.20 10:29:18 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Dropbox
[2011.05.11 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\ICAClient
[2012.05.15 23:23:51 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Kalypso Media
[2011.05.01 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\LimeWire
[2009.11.08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\My Games
[2010.03.01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Nikon
[2011.07.31 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Swiss Academic Software
[2011.07.17 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\xm1
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


und hier noch das OTL EXTRAS Logfile:

Code:
ATTFilter
OTL Extras logfile created on: 20.09.2012 10:44:34 - Run 1
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\bouni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 49.11% Memory free
6.19 Gb Paging File | 4.68 Gb Available in Paging File | 75.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.54 Gb Total Space | 66.48 Gb Free Space | 23.20% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.27 Gb Free Space | 11.04% Space Free | Partition Type: NTFS
 
Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C15A9D-8F55-49A1-8763-DD50C067A94B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{506F0F08-0F4A-417C-AC33-0CFFDC45F7F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{51FBABD3-2757-44DE-88F8-CC556AD92690}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{547CBC1A-EF2A-4975-AAFB-6A0E3A815B93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{715FD81B-5F45-443A-A6E5-41EE0B1D85CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{762A524A-8AEF-4767-AB16-8FDCC086BDC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80EA4B6C-5CD2-497C-9C74-C25E78F1C30E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8EFC4CA0-57B0-41B6-A0EE-F287EE4EA02F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9674282F-4D31-48E8-9F9E-AA5E2ED9B752}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB6F3520-CF03-4121-8A90-E526DF999B42}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BA9746FC-D17E-47EF-BDF9-AA83FA7F68DD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7BCEB60-DCC1-4B67-AD62-A85DF42EEBA3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D0FE787D-B517-4903-814C-E04D3FD03F48}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D7EA3DFF-1484-4DE9-8502-02D02BCDD2F5}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0689D1BD-190C-48BA-8818-659ADBB5DE5E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{0E882CE3-23E6-4880-BD0B-3E55455BA302}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{138F4406-DF95-43AD-B520-1919FD1CE20A}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{17497125-D3C7-4D65-B315-42E286E623AD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{1D2F3453-279B-4AA0-AB8B-3B00ADD4428C}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{22DCCE25-CF44-4010-B834-0F5EBF9213A5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{22E84526-AE50-4F76-A9C3-3196CAF62C53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{26644CD7-4016-48DC-9CC1-C32572ED3BBE}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{28704DA9-3D49-40C5-BECF-56802EFADF12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2CFCA520-1D60-4FDB-AF74-E33017B2E28F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2E8A590F-EBE2-4F55-A3FE-8F038365C13C}" = protocol=6 | dir=out | app=system | 
"{33CFCE48-31A2-4A0A-9776-663C459C76CF}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{3C844911-F7B8-419E-B29B-A61BC08C8F02}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{3CD7B5C5-8AC0-4FA1-BAAE-B34DF8F4DD69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49D55AD7-2B95-45FB-BA4D-B182694E5EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4CFBC55D-A2CD-4C50-9933-F36CAAEAAE72}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | 
"{50ACE72B-861C-454C-B6FE-ECD1CC5AC237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{50B8C698-1ACD-41AC-9553-FAB5C7B3F1C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{53B8021C-42CB-4AFF-A375-A9D52AFA7A1C}" = dir=in | app=c:\program files\kalypso media\port royale 3\portroyale3.exe | 
"{543CE704-9646-420F-B697-40EF0B103ECF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C04EC6D-F925-478E-83B0-7F7C20AAAF0B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | 
"{5EB804B6-655E-4FEF-BE7F-B66725AE2DDF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{6B212D2C-3C7A-40F6-B848-F279DC8A8D53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6B984457-3D28-45EC-9212-520BAB72FB4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6BBD79D0-6D84-4E2D-B5EA-C93464ADECB1}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{71E421CE-F2A6-4DD4-B601-B7C4F1C73340}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{7342C563-DD90-4F93-A04A-FD0DD7ED4110}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{76D12B88-59B8-432A-8F28-14EEDC3BD373}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{77BECCEE-A24E-4200-B546-DBD733BFA569}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{7863272F-64FD-43C5-B063-CA5EFC280C25}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{7EAB05BE-FFB6-4EAE-BCA2-F8F21CEC45B4}" = protocol=17 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{85303843-6E31-4C30-8549-16BB9F809A17}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{8BADCF3B-C598-4450-85BE-6D8A380F2414}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{8F0D8D8B-7CD1-4954-AD8B-BEC45EBA483D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{8F774128-195B-4BB8-AF9D-985C8B9A6CF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9100115F-A614-4492-B8C7-FEC46CA34A28}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A69D0920-2D52-4F43-9725-FAACE08065E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE0A7592-F696-4683-B06D-D009D3160A63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2565B7E-4BCC-479C-B1DD-DA9B396B478E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8D0447C-8B97-419F-856F-50B7A256710B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{C9353610-CEE5-45A2-9A84-3CEB45811AA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA4C2122-C4E5-4862-A17E-8C889FA29D2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D104514C-DE9E-4F4D-BA22-233B45D5FC29}" = protocol=6 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D6065407-3A05-4C28-93FD-533B6A257209}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{E35DE446-F2FE-49AC-AC31-97A7AD40B366}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{E574B0BD-86AE-4CD4-B6D6-9464035DD8DF}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{E6286C4F-B940-42D1-A2AD-F21C3AE3A866}" = dir=in | app=c:\users\bouni\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{E668F6D6-1443-4B4F-9ACD-0E9EF9D3FE3C}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{E6E88113-6D14-4502-A515-78F451F75294}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F15547BB-B0F2-4426-8B73-3B747C9DFFFC}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{F3661BE2-7586-4E62-89FC-0DF2612FEFD2}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | 
"{F416409C-FC9F-4E89-BE9B-9FAAB150B8E2}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{FDBF19C9-478A-4584-BACA-F9AD44A6DECE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{00EFC803-14AC-43FF-9992-C6477574F743}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{0E23DE26-0094-4453-B2A9-6401ECF5D130}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{131F49DE-6640-42BA-9FBA-BE940D0EF453}C:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{5D3C0669-82BB-4D82-A814-FD45E2610311}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{6AB99FC3-B327-44E4-BB7A-7D853DCF2ED3}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{86C5B1EC-9A81-4274-BEF1-2646168111F7}C:\program files\steam\steamapps\exclusive_thinking\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\exclusive_thinking\condition zero\hl.exe | 
"TCP Query User{CEA16382-8A3B-49D3-A692-39FC308A41BE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{EE621271-9E06-4800-88C6-D31C81428A93}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{632A013D-6197-4ABD-9480-79F59B6FB191}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{86F5DBFA-B2B3-4E8B-95C6-A3392310637C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{8C80409F-D84B-4BCB-9762-3B2E74EA2EB9}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{9865C006-DABE-4801-A1E6-113DE73B629D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{B5568C0B-C816-4C80-9B45-AF85EEF21C17}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{C8DC7BCB-D439-4034-8996-2514D1217E9C}C:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{CB0CBA55-945C-4BEE-AD3E-B111BB3DD955}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{E18A687C-C184-4EAF-B2EB-B8493B2E5FFA}C:\program files\steam\steamapps\exclusive_thinking\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\exclusive_thinking\condition zero\hl.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011F0}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63C2981B-6E59-4514-8FC8-3C7A6368D0AE}" = HP User Guides 0126
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E6C0842-AD82-40A3-A9EE-30BE62877379}" = Brother HL-3070CW
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CB775ADB-847D-41AD-9CB8-D691FA013F40}" = BibTexMng
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D865F5F2-3C79-4C3C-888A-485AF486E782}" = DigitalPersona Personal 3.1.0
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B7F5C5-D10D-458E-B02C-DA70320A00CC}" = Opexar
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ESET Online Scanner" = ESET Online Scanner v3
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"MatlabR2010a" = MATLAB R2010a
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"R for Windows 2.9.2_is1" = R for Windows 2.9.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 0.9.9
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2011 08:03:21 | Computer Name = bounis_sklave | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.05.2011 08:03:58 | Computer Name = bounis_sklave | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.05.2011 08:08:27 | Computer Name = bounis_sklave | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.05.2011 08:24:50 | Computer Name = bounis_sklave | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.05.2011 11:53:19 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = 
 
Error - 16.05.2011 13:09:58 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = 
 
Error - 16.05.2011 13:09:58 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = 
 
Error - 16.05.2011 13:09:59 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = 
 
Error - 16.05.2011 13:10:02 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = 
 
Error - 16.05.2011 13:10:02 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 7411 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5559 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5274
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::Notify File: .\MainThread.cpp Line: 6000 Invoked
 Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
 ROUTETABLE_ERROR_GETBESTROUTE_FAILED 
 
Error - 13.09.2012 08:30:02 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 13.09.2012 08:55:19 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 13.09.2012 11:26:35 | Computer Name = BOUNIS_SKLAVE | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
 
[ DigitalPersona Pro Events ]
Error - 07.10.2009 06:48:20 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 07.10.2009 06:48:21 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 02.11.2010 15:42:24 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 02.11.2010 15:42:31 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 02.11.2010 15:42:34 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
Error - 28.11.2011 18:47:17 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
[ System Events ]
Error - 19.09.2012 17:09:30 | Computer Name = bounis_sklave | Source = DCOM | ID = 10016
Description = 
 
Error - 19.09.2012 17:12:01 | Computer Name = bounis_sklave | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 19.09.2012 17:12:30 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 19.09.2012 17:27:07 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 19.09.2012 17:27:10 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 20.09.2012 04:27:36 | Computer Name = bounis_sklave | Source = DCOM | ID = 10016
Description = 
 
Error - 20.09.2012 04:27:43 | Computer Name = bounis_sklave | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.09.2012 04:34:13 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 20.09.2012 04:43:03 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 20.09.2012 04:43:21 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
 
< End of report >
         
--- --- ---


Alt 20.09.2012, 10:06   #36
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Geiler Name fürn PC

Schau mal bitte in diesen Ordner und sag mir was drin is

C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3}
__________________
--> Bundespolizei Trojaner: Systemwiederherstellung durchgeführt

Alt 20.09.2012, 10:24   #37
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Besten Dank, wollte mit dem Namen nur die Machtverhältnisse sicher stellen

Folgende Files sind da drin:
-aufzeichnen.jpg

Wobei gestern um die kritische Zeit zwei Files kreiert wurden (die beiden DAT-Dateien):
-aufzeichnen2.jpg

sowie der Ordner 0C1522E5-74DE-4DDC-9F01-5FA63D501219.aplzod

Der von dir gewünschte ordner {57378D17-DAB5-4F69-B2D9-2622717B26B3} ist leer.

Alt 20.09.2012, 11:14   #38
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Hi,

Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
[2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D}
[2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738}
[2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3}
[2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF}
[2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5}
[2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494}
[2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D}
[2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E}
[2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F}
[2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84}
[2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9}
[2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17}
[2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C}
[2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24}
[2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80}
[2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3}
[2012.09.20 10:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.20 10:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
         
[list][*]und füge es hier ein: [*] Schließe alle Programme.[*] Klicke auf den Fix Button.[*] Klick auf .[*] OTL verlangt einen Neustart. Bitte zulassen.[*] Nach dem Neustart findest Du ein Textdokument.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.09.2012, 11:33   #39
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Mein Sklave ist beim booten zwar immer noch etwa doppelt so langsam wie gestern, aber ist durchaus das Level von vor der Aktion hier...

Der Desktop wird wieder angezeigt und die Dokumente in den Foldern auch. An was hats gelegen? An dem Apple Update?

Hier noch das txt File:

Code:
ATTFilter
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ApplePhotoStreams deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iCloudServices deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments deleted successfully.
C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D} folder moved successfully.
C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738} folder moved successfully.
C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3} folder moved successfully.
C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF} folder moved successfully.
C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5} folder moved successfully.
C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494} folder moved successfully.
C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D} folder moved successfully.
C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E} folder moved successfully.
C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F} folder moved successfully.
C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84} folder moved successfully.
C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9} folder moved successfully.
C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17} folder moved successfully.
C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C} folder moved successfully.
C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24} folder moved successfully.
C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80} folder moved successfully.
C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3} folder moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
 
OTL by OldTimer - Version 3.2.64.0 log created on 09202012_122514

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 20.09.2012, 11:54   #40
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Joah, soviele Überbleibsel ohne direkte Zugehörigkeit können schonmal Schluckauf bringen .

Cleanup Button in OTL drücken und fertig sind wir .
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.09.2012, 17:27   #41
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Besten Dank für deine Hilfe. Es funktioniert nun fast alles... Es kommen noch paar solche Fehlermeldungen:

-prob1.jpg

Aber das bekomm ich irgendwie schon noch hin ansonsten haue ich dich nochmals per PN oder so... Wirklich nochmals besten Dank für die kompetente Unterstützung, sehr gute Erklärung/Anweisung und tolle Hilfe!

Grüsse
Schwizer

Alt 20.09.2012, 18:55   #42
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Wann kommt die Meldung?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.09.2012, 19:08   #43
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



das kommt wenn ich den pc aufstarte oder abmelde und wieder neu anmelde...

Alt 20.09.2012, 19:35   #44
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Das gehört zur Cyberlink Power Camera oder ähnlicher Software von Cyberlink. Deinstallieren und Neu installieren sollte helfen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.09.2012, 20:09   #45
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Den hab ich weg bekommen, aber mein Rechner ist noch immer recht am Limit... so schlimm wars noch nie... Ich stell mal paar Bilder vom Taskmanager rauf... Alleine Dropbox braucht so viel Arbeitsspeicher... kann doch nicht normal sein?

-taskmanager1.jpg

-taskmanager2.jpg

-taskmanager3.jpg

-taskmanager4.jpg

Es werden die ganze Zeit irgendwelche Indexe und Protokolle gesucht...

Antwort

Themen zu Bundespolizei Trojaner: Systemwiederherstellung durchgeführt
anti-malware, beste, besten, bräuchte, durchgeführt, einfach, eingefangen, entferne, entfernen, gemerkt, gen, google, guten, komplett, komplett entfernen, komplette, laufen, malwarebytes, miteinander, quarantäne, resultate, scan, stelle, systemwiederherstellung, trojaner



Ähnliche Themen: Bundespolizei Trojaner: Systemwiederherstellung durchgeführt


  1. Bundespolizei Trojaner - Weitere Schritte nach Systemwiederherstellung
    Log-Analyse und Auswertung - 04.06.2013 (18)
  2. GVU Trojaner, Win 7, Systemwiederherstellung durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (11)
  3. Bundespolizei Trojaner - Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (2)
  4. Wie lösche ich endgültig den GVU-Trojaner? Systemwiederherstellung bereits durchgeführt.
    Plagegeister aller Art und deren Bekämpfung - 19.10.2012 (1)
  5. Bundespolizei Trojaner - Systemwiederherstellung
    Log-Analyse und Auswertung - 16.10.2012 (1)
  6. Bundespolizei-Trojaner mit Windows-Systemwiederherstellung bearbeitet ?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (32)
  7. BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?
    Log-Analyse und Auswertung - 26.07.2012 (1)
  8. S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?
    Log-Analyse und Auswertung - 25.07.2012 (30)
  9. BKA-Trojaner / Systemwiederherstellung durchgeführt / OTL.txt & EXTRAS.txt
    Log-Analyse und Auswertung - 25.07.2012 (2)
  10. Hatte einen Virus oder Wurm und habe Systemwiederherstellung durchgeführt!
    Log-Analyse und Auswertung - 23.07.2012 (1)
  11. Bundespolizei-Trojaner - Systemwiederherstellung durchgeführt - Sytem sauber? logs inside
    Log-Analyse und Auswertung - 19.07.2012 (28)
  12. Bundespolizei Trojaner - weg nach Systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  13. Bundespolizei Trojaner Otl-Scan wurde durchgeführt, brauche Hilfe!
    Log-Analyse und Auswertung - 19.03.2012 (9)
  14. Trojaner 'System check' eingefangen, Sony Vaio Systemwiederherstellung durchgeführt -> ausreichend?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (4)
  15. Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm
    Log-Analyse und Auswertung - 02.03.2012 (27)
  16. Bundespolizei Trojaner Systemwiederherstellung und jetzt?
    Plagegeister aller Art und deren Bekämpfung - 18.02.2012 (30)
  17. Bundespolizei-Trojaner nach Systemwiederherstellung
    Log-Analyse und Auswertung - 12.08.2011 (34)

Zum Thema Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - nachdem ich in OTL den CleanUp Button gedrückt habe und ein Neustart durchgeführt habe wird mein Desktophintergrund nicht mehr angezeigt und keine Bilder werden mehr in der Vorschau gezeigt... Ich - Bundespolizei Trojaner: Systemwiederherstellung durchgeführt...
Archiv
Du betrachtest: Bundespolizei Trojaner: Systemwiederherstellung durchgeführt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.