| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei Trojaner: Systemwiederherstellung durchgeführtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
13.09.2012, 15:28
| #1 |
 |  Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Guten Tag miteinander, ich habe mir den Bundespolizei Trojaner eingefangen und nach einer Systemwiederherstellung sieht mein PC wieder normal aus, ist einfach viel langsamer. Nach Recherche in Google habe ich gemerkt, dass dieser Trojaner eventuell damit nicht aus der Welt ist. Ich bräuchte drigend Hilfe, da ich nicht weiss wie ich diesen Trojaner komplett entfernen kann. Ich lasse gerade einen kompletten Scan mit Malwarebytes Anti-Malware 1.65 laufen und werde die allfällligen Resultate unter Quarantäne stellen. Wie gehe ich am Besten weiter vor? Besten Dank bereits im Voraus. Schwizer |
|
16.09.2012, 07:36
| #2 |
| /// the machine /// TB-Ausbilder    | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Hi,
__________________Sorry für die Verspätung. Brauchst Du immer noch Hilfe?
__________________ |
|
17.09.2012, 09:38
| #3 |
| | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt ich hab mehrere Viren gefunden, aber ich weiss einfach nicht ob ich alles erwischt habe... wäre also sehr froh über hilfe...
__________________ |
|
17.09.2012, 10:14
| #4 |
| /// the machine /// TB-Ausbilder | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.09.2012, 15:35
| #5 |
| | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Schritt 1: Fehlermeldung Defogger defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:59 on 17/09/2012 (bouni) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. HKCU  AEMON Tools Lite -> RemovedChecking for services/drivers... Unable to read sptd.sys SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- |
|
17.09.2012, 15:41
| #6 |
| /// the machine /// TB-Ausbilder | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Lass defogger sein und mach den Rest 
__________________ --> Bundespolizei Trojaner: Systemwiederherstellung durchgeführt |
|
17.09.2012, 16:01
| #7 |
| | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Schritt 2: OTL.txt:OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 17.09.2012 16:39:02 - Run 1 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\bouni\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.47% Memory free 6.19 Gb Paging File | 4.73 Gb Available in Paging File | 76.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286.54 Gb Total Space | 49.41 Gb Free Space | 17.24% Space Free | Partition Type: NTFS Drive D: | 11.54 Gb Total Space | 1.28 Gb Free Space | 11.12% Space Free | Partition Type: NTFS Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011.06.01 20:28:14 | 001,545,144 | ---- | M] (MusicLab, LLC) -- C:\Programme\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe PRC - [2008.10.26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008.07.14 19:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe PRC - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe PRC - [2008.06.19 13:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.06.19 13:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) -- C:\Programme\WinZip\WZQKPICK.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.14 03:44:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll MOD - [2012.06.14 03:40:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 03:40:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.14 03:40:13 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012.06.14 03:39:16 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.05.12 18:29:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.11 15:13:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.11 15:12:28 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll MOD - [2012.05.11 15:12:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 15:11:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012.05.11 15:11:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.11 15:10:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.04.22 22:53:22 | 000,267,656 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll MOD - [2009.04.22 22:53:22 | 000,124,288 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll MOD - [2009.04.22 22:53:22 | 000,038,184 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll MOD - [2009.04.22 22:53:20 | 000,349,480 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.06.19 13:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll ========== Services (SafeList) ========== SRV - [2012.09.13 15:07:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.10 10:46:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) SRV - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe -- (STacSV) SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe -- (AESTFilters) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.03.23 15:15:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.10.26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2008.09.19 22:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.09.16 10:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\..\SearchScopes,DefaultScope = {2FA475CC-D5AC-45D5-8E4F-C87F8622E920} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {2FA475CC-D5AC-45D5-8E4F-C87F8622E920} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{7E82651D-3339-4882-9925-8DEA2110B4C1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uzh.ch:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaultthis.engineName: "P2P Max DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=297&systemid=2&q=" FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "proxy.uzh.ch" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\bouni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\bouni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 17:30:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.07.31 21:30:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.04.15 17:30:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M] [2011.08.06 18:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions [2009.07.05 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.08.24 11:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions [2011.08.06 18:19:53 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [2012.08.24 11:53:52 | 000,005,143 | ---- | M] () (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\extensions\50374ef51ab48@50374ef51ab81.info.xpi [2009.06.25 16:06:48 | 000,000,882 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\conduit.xml [2011.03.23 15:16:17 | 000,002,059 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\daemon-search.xml [2012.09.10 09:09:33 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-1.xml [2010.06.24 11:16:05 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-10.xml [2010.06.30 22:21:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-11.xml [2010.07.23 14:49:29 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-12.xml [2010.07.31 12:55:31 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-13.xml [2010.09.14 23:23:27 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-14.xml [2010.09.15 00:34:48 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-15.xml [2010.10.19 00:14:40 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-16.xml [2010.10.26 20:41:07 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-17.xml [2010.11.03 15:44:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-18.xml [2009.10.27 02:04:43 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-2.xml [2009.10.31 14:52:58 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-3.xml [2009.10.31 20:24:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-4.xml [2009.12.17 15:08:15 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-5.xml [2010.01.09 03:13:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-6.xml [2010.02.22 13:36:01 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-7.xml [2010.02.22 23:09:26 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-8.xml [2010.04.08 16:29:00 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-9.xml [2009.09.17 14:30:04 | 000,000,944 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin.xml [2011.08.06 18:19:40 | 000,002,497 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\SearchResults.xml [2012.09.10 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.10 10:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.09.04 20:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.09.10 10:46:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.19 18:57:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 00:29:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.19 18:57:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 18:57:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.06 18:19:40 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012.03.19 18:57:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 18:57:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC) O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ABEAFE-2C63-4028-92C1-6054469D099F}: DhcpNameServer = 138.188.101.189 138.188.101.186 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6DB7DB-9D69-4D6A-A380-042076FFC470}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17B5496-B4DD-41C3-A52E-F53B3BB08079}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Programme\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC) O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.17 16:26:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe [2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D} [2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738} [2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3} [2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF} [2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5} [2012.09.13 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Roaming\Malwarebytes [2012.09.13 16:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.13 16:06:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.13 16:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.13 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.13 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.13 15:35:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494} [2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D} [2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E} [2012.09.10 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F} [2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84} [2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9} [2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17} [2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C} [2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24} [2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80} [2012.08.24 11:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012.08.24 11:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3} [2012.08.20 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D81A48AD-FF8C-43BF-B4DB-3792419B850B} ========== Files - Modified Within 30 Days ========== [2012.09.17 16:28:00 | 000,148,992 | ---- | M] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe [2012.09.17 16:07:04 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.17 16:03:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.17 16:03:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.17 16:02:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.17 16:02:46 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys [2012.09.17 16:01:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.17 16:00:25 | 000,000,176 | ---- | M] () -- C:\Users\bouni\defogger_reenable [2012.09.17 15:56:54 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job [2012.09.17 15:56:46 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.09.15 16:23:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job [2012.09.14 23:49:09 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job [2012.09.13 15:54:59 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.09.13 15:35:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.13 15:21:14 | 000,670,756 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2012.09.13 15:21:14 | 000,664,232 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2012.09.13 15:21:14 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.13 15:21:14 | 000,127,046 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2012.09.13 15:21:14 | 000,123,888 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2012.09.13 15:21:13 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.13 15:21:13 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.13 15:21:13 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.13 15:14:29 | 357,470,126 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.03 01:39:35 | 000,007,592 | ---- | M] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat [2012.08.24 09:37:45 | 000,392,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.09.17 15:59:59 | 000,000,176 | ---- | C] () -- C:\Users\bouni\defogger_reenable [2012.09.15 15:35:35 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job [2012.09.13 15:35:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.05.03 16:28:48 | 000,000,043 | ---- | C] () -- C:\Users\bouni\gsview32.ini [2010.07.31 13:19:02 | 001,102,070 | ---- | C] () -- C:\Users\bouni\Foto.JPG [2010.05.10 14:58:09 | 003,649,774 | ---- | C] () -- C:\Users\bouni\AppData\Local\tmp031.JPG [2010.03.17 17:26:01 | 002,220,931 | ---- | C] () -- C:\Users\bouni\Jahresergebnis Swissquote 2009.pdf [2010.03.15 22:28:33 | 000,023,552 | ---- | C] () -- C:\Users\bouni\AppData\Local\WebpageIcons.db [2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips [2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Chorus [2010.03.01 20:10:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2010.03.01 20:10:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section [2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa [2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Classic Thick [2010.03.01 20:10:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic [2010.03.01 20:07:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks [2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Trance Pad [2010.03.01 19:56:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction [2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Themes [2010.03.01 19:53:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.10.09 07:13:49 | 000,000,331 | ---- | C] () -- C:\Users\bouni\Zuletzt besuchte Orte - Verknüpfung.lnk [2009.05.24 23:57:44 | 000,007,592 | ---- | C] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat [2009.04.19 20:06:29 | 000,148,992 | ---- | C] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.15 17:34:37 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.04.15 17:31:02 | 000,000,020 | ---- | C] () -- C:\Users\bouni\ho.dir [2009.04.15 17:21:04 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite [2009.04.15 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DigitalPersona [2012.09.17 16:07:37 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Dropbox [2011.05.11 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\ICAClient [2012.05.15 23:23:51 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Kalypso Media [2011.05.01 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\LimeWire [2009.11.08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\My Games [2010.03.01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Nikon [2011.07.31 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Swiss Academic Software [2012.08.24 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\uTorrent [2011.07.17 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\xm1 [2012.09.14 23:49:09 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job [2012.09.17 15:56:54 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job [2012.09.17 16:01:44 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > --- --- --- Extras.txt:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.09.2012 16:39:02 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\bouni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 57.47% Memory free
6.19 Gb Paging File | 4.73 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.54 Gb Total Space | 49.41 Gb Free Space | 17.24% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.28 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C15A9D-8F55-49A1-8763-DD50C067A94B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{506F0F08-0F4A-417C-AC33-0CFFDC45F7F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51FBABD3-2757-44DE-88F8-CC556AD92690}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{547CBC1A-EF2A-4975-AAFB-6A0E3A815B93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{715FD81B-5F45-443A-A6E5-41EE0B1D85CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{762A524A-8AEF-4767-AB16-8FDCC086BDC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80EA4B6C-5CD2-497C-9C74-C25E78F1C30E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8EFC4CA0-57B0-41B6-A0EE-F287EE4EA02F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9674282F-4D31-48E8-9F9E-AA5E2ED9B752}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB6F3520-CF03-4121-8A90-E526DF999B42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA9746FC-D17E-47EF-BDF9-AA83FA7F68DD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7BCEB60-DCC1-4B67-AD62-A85DF42EEBA3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D0FE787D-B517-4903-814C-E04D3FD03F48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D7EA3DFF-1484-4DE9-8502-02D02BCDD2F5}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0689D1BD-190C-48BA-8818-659ADBB5DE5E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0E882CE3-23E6-4880-BD0B-3E55455BA302}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{138F4406-DF95-43AD-B520-1919FD1CE20A}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{17497125-D3C7-4D65-B315-42E286E623AD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1D2F3453-279B-4AA0-AB8B-3B00ADD4428C}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{22DCCE25-CF44-4010-B834-0F5EBF9213A5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{22E84526-AE50-4F76-A9C3-3196CAF62C53}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{26644CD7-4016-48DC-9CC1-C32572ED3BBE}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{28704DA9-3D49-40C5-BECF-56802EFADF12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2CFCA520-1D60-4FDB-AF74-E33017B2E28F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E8A590F-EBE2-4F55-A3FE-8F038365C13C}" = protocol=6 | dir=out | app=system |
"{33CFCE48-31A2-4A0A-9776-663C459C76CF}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{3C844911-F7B8-419E-B29B-A61BC08C8F02}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{3CD7B5C5-8AC0-4FA1-BAAE-B34DF8F4DD69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49D55AD7-2B95-45FB-BA4D-B182694E5EB8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CFBC55D-A2CD-4C50-9933-F36CAAEAAE72}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
"{50ACE72B-861C-454C-B6FE-ECD1CC5AC237}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50B8C698-1ACD-41AC-9553-FAB5C7B3F1C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53B8021C-42CB-4AFF-A375-A9D52AFA7A1C}" = dir=in | app=c:\program files\kalypso media\port royale 3\portroyale3.exe |
"{543CE704-9646-420F-B697-40EF0B103ECF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5C04EC6D-F925-478E-83B0-7F7C20AAAF0B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{5EB804B6-655E-4FEF-BE7F-B66725AE2DDF}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{6B212D2C-3C7A-40F6-B848-F279DC8A8D53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6B984457-3D28-45EC-9212-520BAB72FB4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6BBD79D0-6D84-4E2D-B5EA-C93464ADECB1}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{6C92E4C4-06D4-4349-A7A4-1FA874819A71}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{71E421CE-F2A6-4DD4-B601-B7C4F1C73340}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{7342C563-DD90-4F93-A04A-FD0DD7ED4110}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{76D12B88-59B8-432A-8F28-14EEDC3BD373}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{77BECCEE-A24E-4200-B546-DBD733BFA569}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{7863272F-64FD-43C5-B063-CA5EFC280C25}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{7EAB05BE-FFB6-4EAE-BCA2-F8F21CEC45B4}" = protocol=17 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe |
"{85303843-6E31-4C30-8549-16BB9F809A17}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{8BADCF3B-C598-4450-85BE-6D8A380F2414}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{8F0D8D8B-7CD1-4954-AD8B-BEC45EBA483D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{8F774128-195B-4BB8-AF9D-985C8B9A6CF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9100115F-A614-4492-B8C7-FEC46CA34A28}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96436EAA-1F71-4EE0-B4CB-FB798BCFB3D0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6468FC9-B981-4F04-BDCB-D4038FC3EC0F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A69D0920-2D52-4F43-9725-FAACE08065E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDC94A67-02F6-429D-87E0-99FBB8870DF3}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BE0A7592-F696-4683-B06D-D009D3160A63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2565B7E-4BCC-479C-B1DD-DA9B396B478E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8D0447C-8B97-419F-856F-50B7A256710B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{C9353610-CEE5-45A2-9A84-3CEB45811AA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA4C2122-C4E5-4862-A17E-8C889FA29D2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D104514C-DE9E-4F4D-BA22-233B45D5FC29}" = protocol=6 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe |
"{D6065407-3A05-4C28-93FD-533B6A257209}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{DF49B332-B1AD-4070-AA1B-746746C640B5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E35DE446-F2FE-49AC-AC31-97A7AD40B366}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{E574B0BD-86AE-4CD4-B6D6-9464035DD8DF}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E6286C4F-B940-42D1-A2AD-F21C3AE3A866}" = dir=in | app=c:\users\bouni\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E668F6D6-1443-4B4F-9ACD-0E9EF9D3FE3C}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{E6E88113-6D14-4502-A515-78F451F75294}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F15547BB-B0F2-4426-8B73-3B747C9DFFFC}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{F1C5E355-FA6E-4088-B88E-9D5C89B5F239}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F3661BE2-7586-4E62-89FC-0DF2612FEFD2}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |
"{F416409C-FC9F-4E89-BE9B-9FAAB150B8E2}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{FDBF19C9-478A-4584-BACA-F9AD44A6DECE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{00EFC803-14AC-43FF-9992-C6477574F743}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{0E23DE26-0094-4453-B2A9-6401ECF5D130}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{131F49DE-6640-42BA-9FBA-BE940D0EF453}C:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5D3C0669-82BB-4D82-A814-FD45E2610311}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{6AB99FC3-B327-44E4-BB7A-7D853DCF2ED3}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{86C5B1EC-9A81-4274-BEF1-2646168111F7}C:\program files\steam\steamapps\exclusive_thinking\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\exclusive_thinking\condition zero\hl.exe |
"TCP Query User{CEA16382-8A3B-49D3-A692-39FC308A41BE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{EE621271-9E06-4800-88C6-D31C81428A93}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{632A013D-6197-4ABD-9480-79F59B6FB191}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{86F5DBFA-B2B3-4E8B-95C6-A3392310637C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{8C80409F-D84B-4BCB-9762-3B2E74EA2EB9}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{9865C006-DABE-4801-A1E6-113DE73B629D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B5568C0B-C816-4C80-9B45-AF85EEF21C17}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{C8DC7BCB-D439-4034-8996-2514D1217E9C}C:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bouni\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{CB0CBA55-945C-4BEE-AD3E-B111BB3DD955}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{E18A687C-C184-4EAF-B2EB-B8493B2E5FFA}C:\program files\steam\steamapps\exclusive_thinking\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\exclusive_thinking\condition zero\hl.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011F0}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63C2981B-6E59-4514-8FC8-3C7A6368D0AE}" = HP User Guides 0126
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68DED384-1F74-4AEE-8B8E-95AF15572FE3}" = Port Royale 3
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E6C0842-AD82-40A3-A9EE-30BE62877379}" = Brother HL-3070CW
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CB775ADB-847D-41AD-9CB8-D691FA013F40}" = BibTexMng
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D865F5F2-3C79-4C3C-888A-485AF486E782}" = DigitalPersona Personal 3.1.0
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B7F5C5-D10D-458E-B02C-DA70320A00CC}" = Opexar
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BearShare 2 MediaBar" = MediaBar
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MatlabR2010a" = MATLAB R2010a
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"R for Windows 2.9.2_is1" = R for Windows 2.9.2
"Steam App 80" = Condition Zero
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.05.2011 14:34:22 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1154
Error - 25.05.2011 14:34:22 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1154
Error - 25.05.2011 15:40:19 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25.05.2011 15:40:19 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3958635
Error - 25.05.2011 15:40:19 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3958635
Error - 25.05.2011 15:40:21 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25.05.2011 15:40:21 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3959867
Error - 25.05.2011 15:40:21 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3959867
Error - 25.05.2011 15:40:23 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25.05.2011 15:40:23 | Computer Name = bounis_sklave | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3962425
[ Cisco AnyConnect VPN Client Events ]
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2460 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2116 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7411 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5559 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5274
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.09.2012 08:11:22 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::Notify File: .\MainThread.cpp Line: 6000 Invoked
Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 13.09.2012 08:30:02 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 13.09.2012 08:55:19 | Computer Name = bounis_sklave | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
Error - 13.09.2012 11:26:35 | Computer Name = BOUNIS_SKLAVE | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
[ DigitalPersona Pro Events ]
Error - 07.10.2009 06:48:20 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 07.10.2009 06:48:21 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 02.11.2010 15:42:24 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 02.11.2010 15:42:31 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 02.11.2010 15:42:34 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
Error - 28.11.2011 18:47:17 | Computer Name = bounis_sklave | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
[ System Events ]
Error - 17.09.2012 10:04:55 | Computer Name = bounis_sklave | Source = Service Control Manager | ID = 7000
Description =
Error - 17.09.2012 10:05:25 | Computer Name = bounis_sklave | Source = DCOM | ID = 10005
Description =
Error - 17.09.2012 10:05:27 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description =
Error - 17.09.2012 10:05:27 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 17.09.2012 10:05:29 | Computer Name = bounis_sklave | Source = Service Control Manager | ID = 7009
Description =
Error - 17.09.2012 10:05:29 | Computer Name = bounis_sklave | Source = Service Control Manager | ID = 7000
Description =
Error - 17.09.2012 10:05:43 | Computer Name = bounis_sklave | Source = DCOM | ID = 10016
Description =
Error - 17.09.2012 10:08:10 | Computer Name = bounis_sklave | Source = Service Control Manager | ID = 7011
Description =
Error - 17.09.2012 10:20:09 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =
Error - 17.09.2012 10:20:14 | Computer Name = bounis_sklave | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =
< End of report >
|
|
17.09.2012, 16:19
| #8 |
| | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Ich kann Schritt 3 nicht ausführen (GMER), folgende Fehlermeldung erscheint jeweils:  Habe ich nicht alle Programme geschlossen? |
|
17.09.2012, 18:00
| #9 | |
| /// the machine /// TB-Ausbilder | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Bist Du mit dem Rechner auf ner Uni in der Schweiz unterwegs? Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.09.2012, 19:55
| #10 |
| | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Zu diesem Zeitpunkt war ich nicht an der Uni, aber hatte den Laptop die ganze letzte Woche an der Uni... Woran hast du das gesehen? Ich kann deine neuste Anweisung erst Morgen machen Besten Dank und schönen Abend Grüsse Michael |
|
17.09.2012, 20:04
| #11 |
| /// the machine /// TB-Ausbilder | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Die Frage war eher allgemein gehalten, weil ich Proxy-Einträge der Uni sehe. Also entweder du gehst zu der Uni und dort ab und an mal Online, oder ich hau die Einträge raus 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.09.2012, 15:25
| #12 |
| | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt ja, ich studiere und daher der proxy... hier das resultat: Combofix Logfile: Code:
ATTFilter ComboFix 12-09-18.05 - bouni 18.09.2012 16:02:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.41.1031.18.3068.1585 [GMT 2:00]
ausgeführt von:: c:\users\bouni\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
c:\users\bouni\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-18 bis 2012-09-18 ))))))))))))))))))))))))))))))
.
.
2012-09-18 14:13 . 2012-09-18 14:13 -------- d-----w- c:\users\not admin\AppData\Local\temp
2012-09-18 14:13 . 2012-09-18 14:13 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-09-18 14:13 . 2012-09-18 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-13 14:07 . 2012-09-13 14:07 -------- d-----w- c:\users\bouni\AppData\Roaming\Malwarebytes
2012-09-13 14:06 . 2012-09-13 14:06 -------- d-----w- c:\programdata\Malwarebytes
2012-09-13 13:35 . 2012-09-13 13:35 -------- d-----w- c:\program files\Common Files\Skype
2012-09-13 13:35 . 2012-09-13 13:35 -------- d-----r- c:\program files\Skype
2012-08-24 09:55 . 2012-08-24 09:55 -------- d-----w- c:\programdata\Premium
2012-08-24 09:55 . 2012-08-24 09:55 -------- d-----w- c:\programdata\InstallMate
2012-08-21 22:20 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-20 20:44 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 23:03 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-05 20:06 . 2012-08-12 17:45 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-05 20:06 . 2010-05-27 16:24 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-10 08:46 . 2012-09-10 08:45 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-06-01 18:28 1236400 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-05-30 13:48 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bouni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bouni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bouni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Facebook Update"="c:\users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-07-14 814144]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-22 206120]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-05-19 3618104]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-26 450659]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-19 13593120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-19 92704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-7 106561]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\aestsrv.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLDEBAD6BE
*NewlyCreated* - UWDDQUOG
*Deregistered* - MpKsldebad6be
*Deregistered* - uwddquog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
- c:\users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 21:44]
.
2012-09-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
- c:\users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-08 21:44]
.
2012-09-15 c:\windows\Tasks\HPCeeScheduleForbouni.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-12-16 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = proxy.uzh.ch:3128
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://www.yahoo.com
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=297&systemid=2&q=
FF - prefs.js: network.proxy.ftp - proxy.uzh.ch
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - proxy.uzh.ch
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.ssl - proxy.uzh.ch
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-UCam_Menu - c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-18 16:14
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\DPPWDFLT.dll
.
Zeit der Fertigstellung: 2012-09-18 16:17:49
ComboFix-quarantined-files.txt 2012-09-18 14:17
.
Vor Suchlauf: 8 Verzeichnis(se), 51'848'261'632 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 54'020'321'280 Bytes frei
.
- - End Of File - - A93E9FFCC48E34AD8EF212213E1C0373
|
|
18.09.2012, 16:32
| #13 |
| /// the machine /// TB-Ausbilder | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Hi, Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.09.2012, 19:03
| #14 |
| | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Ich kann aswMBR.exe nicht richtig ausführen, folgende Fehlermeldung kommt:  Werde jetzt adwcleaner ausführen. Was soll ich wegen aswMBR machen? |
|
18.09.2012, 19:06
| #15 |
| | Bundespolizei Trojaner: Systemwiederherstellung durchgeführt Hier der Inhalt der Textdatei erstellt durch adwcleaner: # AdwCleaner v2.002 - Datei am 09/18/2012 um 20:05:06 erstellt # Aktualisiert am 16/09/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : bouni - BOUNIS_SKLAVE # Bootmodus : Normal # Ausgeführt unter : C:\Users\bouni\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml Datei Gefunden : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\searchplugins\Conduit.xml Datei Gefunden : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\searchplugins\daemon-search.xml Datei Gefunden : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\searchplugins\SearchResults.xml Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\ProgramData\InstallMate Ordner Gefunden : C:\ProgramData\Premium Ordner Gefunden : C:\Users\bouni\AppData\Local\bearshare Ordner Gefunden : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\Conduit Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\not admin\AppData\LocalLow\Conduit ***** [Registrierungsdatenbank] ***** Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKU\S-1-5-21-1467267554-1309951501-3268280892-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\prefs.js Gefunden : user_pref("browser.search.defaultenginename", "Search Results"); Gefunden : user_pref("browser.search.defaultthis.engineName", "P2P Max DE Customized Web Search"); Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&Sea[...] Gefunden : user_pref("browser.search.order.1", "Search Results"); Gefunden : user_pref("extensions.50374ef51abf6.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...] Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=297&systemid=2&q="); Profilname : default Datei : C:\Users\not admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l1nb8iv.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\z07ogyjd.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3976 octets] - [18/09/2012 20:05:06] ########## EOF - C:\AdwCleaner[R1].txt - [4036 octets] ########## |
|
| Themen zu Bundespolizei Trojaner: Systemwiederherstellung durchgeführt |
| anti-malware, beste, besten, bräuchte, durchgeführt, einfach, eingefangen, entferne, entfernen, gemerkt, gen, google, guten, komplett, komplett entfernen, komplette, laufen, malwarebytes, miteinander, quarantäne, resultate, scan, stelle, systemwiederherstellung, trojaner |
Linear-Darstellung
