Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundespolizei Trojaner: Systemwiederherstellung durchgeführt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 18.09.2012, 19:38   #16
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.


Aswmbr mit rechtsklick gestartet? Versuchs nochmal, bei der frage nach dem scannen mit avast engine nein anklicken.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.09.2012, 21:21   #17
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Ich hab aswmbr mit einem doppelklick gestartet (alle offenen Programme habe ich geschlossen) aber anschliessend als Admin die Berechtigung gegeben aswmbr auszuführen.

Bei dem letzten Lauf wurde der Computer Heruntergefahren, um ihn vor einer Beschädigung zu bewahren (blaue Fehlermeldung über den gesamten Bildschirm). Irgendwie läuft dieses Programm nicht korrekt auf meinem Rechner...

Ich will es ehrlich gesagt nicht nochmals laufen lassen, da sich mein Rechner zimlich harsch abgewürgt hat.
__________________


Alt 18.09.2012, 21:22   #18
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



ok dann nur das andere.
__________________
__________________

Alt 18.09.2012, 21:44   #19
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Das Andere habe ich bereits gepostet. Besten Dank.

Alt 19.09.2012, 04:43   #20
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Nö der Schritt mit AdwCleaner und löschen fehlt . Und dann bitt ein frisches OTL logfile.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.09.2012, 09:44   #21
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Tut mir leid, war gestern nicht mehr ganz auf der Höhe

Code:
ATTFilter
# AdwCleaner v2.002 - Datei am 09/19/2012 um 10:30:17 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : bouni - BOUNIS_SKLAVE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\bouni\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\searchplugins\daemon-search.xml
Datei Gelöscht : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\searchplugins\SearchResults.xml
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\bouni\AppData\Local\bearshare
Ordner Gelöscht : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\not admin\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\Software\Conduit
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\prefs.js

C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "P2P Max DE Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.50374ef51abf6.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...]
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=297&systemid=2&q=");

Profilname : default 
Datei : C:\Users\not admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l1nb8iv.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\z07ogyjd.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4105 octets] - [18/09/2012 20:05:06]
AdwCleaner[S1].txt - [4463 octets] - [19/09/2012 10:30:17]

########## EOF - C:\AdwCleaner[S1].txt - [4523 octets] ##########
         

Alt 19.09.2012, 10:30   #22
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Bitte noch ein frisches OTL logfile. Noch Probleme mit dem Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.09.2012, 10:56   #23
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Mein Computer macht einen ziemlich guten Eindruck. Ist er jetzt wieder sauber?

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.09.2012 11:45:27 - Run 2
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\bouni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 55.54% Memory free
6.19 Gb Paging File | 4.78 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.54 Gb Total Space | 49.73 Gb Free Space | 17.36% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.28 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
 
Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe
PRC - [2008.10.26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.07.14 19:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe
PRC - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe
PRC - [2008.06.19 13:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.06.19 13:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) -- C:\Programme\WinZip\WZQKPICK.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 03:44:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 03:40:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:40:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 03:40:13 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 03:39:16 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.12 18:29:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 15:13:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 15:12:28 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.11 15:12:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 15:11:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 15:11:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 15:10:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\Shared files\richvideops.dll
MOD - [2008.06.19 13:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.13 15:07:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.10 10:46:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe -- (STacSV)
SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\bouni\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.23 15:15:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.10.26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.19 22:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.16 10:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7E82651D-3339-4882-9925-8DEA2110B4C1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uzh.ch:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "proxy.uzh.ch"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\bouni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\bouni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.07.31 21:30:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M]
 
[2011.08.06 18:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions
[2009.07.05 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.08.24 11:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions
[2011.08.06 18:19:53 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2012.08.24 11:53:52 | 000,005,143 | ---- | M] () (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\extensions\50374ef51ab48@50374ef51ab81.info.xpi
[2012.09.10 09:09:33 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-1.xml
[2010.06.24 11:16:05 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-10.xml
[2010.06.30 22:21:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-11.xml
[2010.07.23 14:49:29 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-12.xml
[2010.07.31 12:55:31 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-13.xml
[2010.09.14 23:23:27 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-14.xml
[2010.09.15 00:34:48 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-15.xml
[2010.10.19 00:14:40 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-16.xml
[2010.10.26 20:41:07 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-17.xml
[2010.11.03 15:44:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-18.xml
[2009.10.27 02:04:43 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-2.xml
[2009.10.31 14:52:58 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-3.xml
[2009.10.31 20:24:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-4.xml
[2009.12.17 15:08:15 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-5.xml
[2010.01.09 03:13:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-6.xml
[2010.02.22 13:36:01 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-7.xml
[2010.02.22 23:09:26 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-8.xml
[2010.04.08 16:29:00 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-9.xml
[2009.09.17 14:30:04 | 000,000,944 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin.xml
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.09.04 20:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.10 10:46:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:57:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 00:29:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 18:57:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 18:57:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 18:57:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 18:57:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.18 16:14:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ABEAFE-2C63-4028-92C1-6054469D099F}: DhcpNameServer = 138.188.101.189 138.188.101.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6DB7DB-9D69-4D6A-A380-042076FFC470}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17B5496-B4DD-41C3-A52E-F53B3BB08079}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.18 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\bouni\Documents\EatNow
[2012.09.18 19:07:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe
[2012.09.18 16:38:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012.09.18 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.09.18 16:18:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.18 16:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.18 16:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.18 16:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.18 16:00:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.09.18 15:59:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.09.18 15:56:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.18 15:56:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.18 15:43:51 | 004,753,347 | R--- | C] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe
[2012.09.17 16:26:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D}
[2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738}
[2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3}
[2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF}
[2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5}
[2012.09.13 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Roaming\Malwarebytes
[2012.09.13 16:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.13 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.13 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.13 15:35:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494}
[2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D}
[2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E}
[2012.09.10 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F}
[2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84}
[2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9}
[2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17}
[2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C}
[2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24}
[2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80}
[2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3}
[2012.08.20 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D81A48AD-FF8C-43BF-B4DB-3792419B850B}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 11:49:04 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
[2012.09.19 10:35:01 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.19 10:32:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 10:32:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 10:31:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 10:31:43 | 3216,232,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 10:30:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.19 10:27:59 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
[2012.09.18 22:06:48 | 335,088,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.18 20:04:26 | 000,512,737 | ---- | M] () -- C:\Users\bouni\Desktop\adwcleaner.exe
[2012.09.18 20:01:03 | 000,088,396 | ---- | M] () -- C:\Users\bouni\Desktop\Problem2.JPG
[2012.09.18 19:07:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe
[2012.09.18 17:32:31 | 000,149,504 | ---- | M] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.18 16:34:44 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.18 16:34:26 | 000,673,660 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.09.18 16:34:26 | 000,667,136 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012.09.18 16:34:26 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.18 16:34:26 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.18 16:34:26 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.18 16:34:26 | 000,127,890 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.09.18 16:34:26 | 000,124,732 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012.09.18 16:34:26 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.18 16:14:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.18 15:44:22 | 004,753,347 | R--- | M] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe
[2012.09.17 17:49:20 | 000,000,441 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.09.17 17:05:24 | 000,302,592 | ---- | M] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.17 16:00:25 | 000,000,176 | ---- | M] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 16:23:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.03 01:39:35 | 000,007,592 | ---- | M] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2012.08.24 09:37:45 | 000,392,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.18 21:46:20 | 3216,232,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.18 20:04:20 | 000,512,737 | ---- | C] () -- C:\Users\bouni\Desktop\adwcleaner.exe
[2012.09.18 20:01:01 | 000,088,396 | ---- | C] () -- C:\Users\bouni\Desktop\Problem2.JPG
[2012.09.18 16:34:35 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.09.18 16:00:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.18 16:00:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.18 16:00:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.18 16:00:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.18 16:00:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.17 17:05:23 | 000,302,592 | ---- | C] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.17 15:59:59 | 000,000,176 | ---- | C] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 15:35:35 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.03 16:28:48 | 000,000,043 | ---- | C] () -- C:\Users\bouni\gsview32.ini
[2010.07.31 13:19:02 | 001,102,070 | ---- | C] () -- C:\Users\bouni\Foto.JPG
[2010.05.10 14:58:09 | 003,649,774 | ---- | C] () -- C:\Users\bouni\AppData\Local\tmp031.JPG
[2010.03.17 17:26:01 | 002,220,931 | ---- | C] () -- C:\Users\bouni\Jahresergebnis Swissquote 2009.pdf
[2010.03.15 22:28:33 | 000,023,552 | ---- | C] () -- C:\Users\bouni\AppData\Local\WebpageIcons.db
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Chorus
[2010.03.01 20:10:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.03.01 20:10:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Classic Thick
[2010.03.01 20:10:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2010.03.01 20:07:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Trance Pad
[2010.03.01 19:56:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Themes
[2010.03.01 19:53:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009.10.09 07:13:49 | 000,000,331 | ---- | C] () -- C:\Users\bouni\Zuletzt besuchte Orte - Verknüpfung.lnk
[2009.05.24 23:57:44 | 000,007,592 | ---- | C] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2009.04.19 20:06:29 | 000,149,504 | ---- | C] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.15 17:34:37 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.04.15 17:31:02 | 000,000,020 | ---- | C] () -- C:\Users\bouni\ho.dir
[2009.04.15 17:21:04 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite
[2009.04.15 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DigitalPersona
[2012.09.19 10:35:28 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Dropbox
[2011.05.11 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\ICAClient
[2012.05.15 23:23:51 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Kalypso Media
[2011.05.01 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\LimeWire
[2009.11.08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\My Games
[2010.03.01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Nikon
[2011.07.31 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Swiss Academic Software
[2012.08.24 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\uTorrent
[2011.07.17 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\xm1
[2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
[2012.09.19 11:49:04 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
[2012.09.19 10:30:46 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 19.09.2012, 11:19   #24
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Schaut gut aus, jetzt scannen wir noch nach Überresten und dann räumen wir auf



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Und dann ein frisches OTL logfile.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.09.2012, 15:30   #25
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Hier was ESET gefunden hat:

Code:
ATTFilter
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll	a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe	a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll	probably a variant of Win32/Toolbar.SearchSuite application
C:\Users\bouni\Downloads\SoftonicDownloader_fuer_utorrent.exe	a variant of Win32/SoftonicDownloader.A application
         


Das neue OTL logfile:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.09.2012 16:15:52 - Run 3
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\bouni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.23% Memory free
6.19 Gb Paging File | 4.62 Gb Available in Paging File | 74.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.54 Gb Total Space | 48.85 Gb Free Space | 17.05% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.28 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
 
Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
PRC - [2012.09.10 10:46:33 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe
PRC - [2008.10.26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.07.14 19:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe
PRC - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe
PRC - [2008.06.19 13:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.06.19 13:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) -- C:\Programme\WinZip\WZQKPICK.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.10 10:46:02 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 03:44:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 03:40:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:40:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 03:40:13 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 03:39:16 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.12 18:29:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 15:13:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 15:12:28 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.11 15:12:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 15:11:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 15:11:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 15:10:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.17 20:35:51 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\Shared files\richvideops.dll
MOD - [2008.06.19 13:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.13 15:07:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.10 10:46:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe -- (STacSV)
SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\bouni\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.23 15:15:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.10.26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.19 22:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.16 10:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7E82651D-3339-4882-9925-8DEA2110B4C1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uzh.ch:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "proxy.uzh.ch"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\bouni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\bouni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.07.31 21:30:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M]
 
[2011.08.06 18:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions
[2009.07.05 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.08.24 11:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions
[2011.08.06 18:19:53 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2012.08.24 11:53:52 | 000,005,143 | ---- | M] () (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\extensions\50374ef51ab48@50374ef51ab81.info.xpi
[2012.09.10 09:09:33 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-1.xml
[2010.06.24 11:16:05 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-10.xml
[2010.06.30 22:21:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-11.xml
[2010.07.23 14:49:29 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-12.xml
[2010.07.31 12:55:31 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-13.xml
[2010.09.14 23:23:27 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-14.xml
[2010.09.15 00:34:48 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-15.xml
[2010.10.19 00:14:40 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-16.xml
[2010.10.26 20:41:07 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-17.xml
[2010.11.03 15:44:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-18.xml
[2009.10.27 02:04:43 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-2.xml
[2009.10.31 14:52:58 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-3.xml
[2009.10.31 20:24:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-4.xml
[2009.12.17 15:08:15 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-5.xml
[2010.01.09 03:13:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-6.xml
[2010.02.22 13:36:01 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-7.xml
[2010.02.22 23:09:26 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-8.xml
[2010.04.08 16:29:00 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-9.xml
[2009.09.17 14:30:04 | 000,000,944 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin.xml
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.09.04 20:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.10 10:46:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:57:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 00:29:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 18:57:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 18:57:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 18:57:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 18:57:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.18 16:14:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ABEAFE-2C63-4028-92C1-6054469D099F}: DhcpNameServer = 138.188.101.189 138.188.101.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6DB7DB-9D69-4D6A-A380-042076FFC470}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17B5496-B4DD-41C3-A52E-F53B3BB08079}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 12:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.19 12:26:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\bouni\Desktop\esetsmartinstaller_enu.exe
[2012.09.18 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\bouni\Documents\EatNow
[2012.09.18 19:07:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe
[2012.09.18 16:38:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012.09.18 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.09.18 16:18:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.18 16:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.18 16:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.18 16:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.18 16:00:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.09.18 15:59:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.09.18 15:56:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.18 15:56:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.18 15:43:51 | 004,753,347 | R--- | C] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe
[2012.09.17 16:26:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D}
[2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738}
[2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3}
[2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF}
[2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5}
[2012.09.13 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Roaming\Malwarebytes
[2012.09.13 16:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.13 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.13 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.13 15:35:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494}
[2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D}
[2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E}
[2012.09.10 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F}
[2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84}
[2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9}
[2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17}
[2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C}
[2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24}
[2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80}
[2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3}
[2012.08.20 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D81A48AD-FF8C-43BF-B4DB-3792419B850B}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 14:49:09 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
[2012.09.19 14:31:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 14:31:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 12:26:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\bouni\Desktop\esetsmartinstaller_enu.exe
[2012.09.19 12:19:49 | 000,000,441 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.09.19 10:35:01 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.19 10:31:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 10:31:43 | 3216,232,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 10:30:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.19 10:27:59 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
[2012.09.18 22:06:48 | 335,088,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.18 20:04:26 | 000,512,737 | ---- | M] () -- C:\Users\bouni\Desktop\adwcleaner.exe
[2012.09.18 20:01:03 | 000,088,396 | ---- | M] () -- C:\Users\bouni\Desktop\Problem2.JPG
[2012.09.18 19:07:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe
[2012.09.18 17:32:31 | 000,149,504 | ---- | M] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.18 16:34:44 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.18 16:34:26 | 000,673,660 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.09.18 16:34:26 | 000,667,136 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012.09.18 16:34:26 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.18 16:34:26 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.18 16:34:26 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.18 16:34:26 | 000,127,890 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.09.18 16:34:26 | 000,124,732 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012.09.18 16:34:26 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.18 16:14:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.18 15:44:22 | 004,753,347 | R--- | M] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe
[2012.09.17 17:05:24 | 000,302,592 | ---- | M] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.17 16:00:25 | 000,000,176 | ---- | M] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 16:23:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.03 01:39:35 | 000,007,592 | ---- | M] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2012.08.24 09:37:45 | 000,392,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.18 21:46:20 | 3216,232,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.18 20:04:20 | 000,512,737 | ---- | C] () -- C:\Users\bouni\Desktop\adwcleaner.exe
[2012.09.18 20:01:01 | 000,088,396 | ---- | C] () -- C:\Users\bouni\Desktop\Problem2.JPG
[2012.09.18 16:34:35 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.09.18 16:00:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.18 16:00:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.18 16:00:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.18 16:00:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.18 16:00:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.17 17:05:23 | 000,302,592 | ---- | C] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.17 15:59:59 | 000,000,176 | ---- | C] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 15:35:35 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.03 16:28:48 | 000,000,043 | ---- | C] () -- C:\Users\bouni\gsview32.ini
[2010.07.31 13:19:02 | 001,102,070 | ---- | C] () -- C:\Users\bouni\Foto.JPG
[2010.05.10 14:58:09 | 003,649,774 | ---- | C] () -- C:\Users\bouni\AppData\Local\tmp031.JPG
[2010.03.17 17:26:01 | 002,220,931 | ---- | C] () -- C:\Users\bouni\Jahresergebnis Swissquote 2009.pdf
[2010.03.15 22:28:33 | 000,023,552 | ---- | C] () -- C:\Users\bouni\AppData\Local\WebpageIcons.db
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Chorus
[2010.03.01 20:10:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.03.01 20:10:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Classic Thick
[2010.03.01 20:10:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2010.03.01 20:07:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Trance Pad
[2010.03.01 19:56:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Themes
[2010.03.01 19:53:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009.10.09 07:13:49 | 000,000,331 | ---- | C] () -- C:\Users\bouni\Zuletzt besuchte Orte - Verknüpfung.lnk
[2009.05.24 23:57:44 | 000,007,592 | ---- | C] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2009.04.19 20:06:29 | 000,149,504 | ---- | C] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.15 17:34:37 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.04.15 17:31:02 | 000,000,020 | ---- | C] () -- C:\Users\bouni\ho.dir
[2009.04.15 17:21:04 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite
[2009.04.15 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DigitalPersona
[2012.09.19 10:35:28 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Dropbox
[2011.05.11 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\ICAClient
[2012.05.15 23:23:51 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Kalypso Media
[2011.05.01 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\LimeWire
[2009.11.08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\My Games
[2010.03.01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Nikon
[2011.07.31 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Swiss Academic Software
[2012.08.24 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\uTorrent
[2011.07.17 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\xm1
[2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
[2012.09.19 14:49:09 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
[2012.09.19 10:30:46 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Geändert von Schwizer (19.09.2012 um 16:20 Uhr)

Alt 19.09.2012, 18:58   #26
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Bearshare MediaBar und uTorrent bitte deinstallieren.

Die eine Datei im Downloadsordner bitte löschen und Papierkorb leeren.

Poste dann bitte nochmal ein frisches OTL logfile. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.09.2012, 19:40   #27
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



uTorrent und Mediabar Deinstalliert, Datei im Downloadordner gelöscht und Papierkorb geleert.

Mein Rechner macht einen ziemlich gesunden Eindruck. fällt mir wirklich nicht mehr auf. hier noch das OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.09.2012 20:29:03 - Run 4
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\bouni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 34.12% Memory free
6.19 Gb Paging File | 4.06 Gb Available in Paging File | 65.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.54 Gb Total Space | 63.62 Gb Free Space | 22.20% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.28 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
 
Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
PRC - [2012.09.10 10:46:33 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.02.17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.01.18 19:17:54 | 000,151,552 | ---- | M] (The MathWorks Inc.) -- C:\Programme\MATLAB\R2010a\bin\win32\MATLAB.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.12.16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe
PRC - [2008.10.26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.07.14 19:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe
PRC - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe
PRC - [2008.06.19 13:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.06.19 13:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) -- C:\Programme\WinZip\WZQKPICK.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.10 10:46:02 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 03:44:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 03:40:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:40:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 03:40:13 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 03:39:16 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.12 18:29:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 15:13:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 15:12:28 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.11 15:12:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 15:11:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 15:11:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 15:10:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.17 20:35:51 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.12.21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.02.05 18:47:16 | 000,385,024 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\xmlcore.dll
MOD - [2010.02.05 18:47:12 | 001,429,504 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\mcos.dll
MOD - [2010.02.05 18:47:12 | 000,516,096 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwfl.dll
MOD - [2010.02.05 18:47:12 | 000,417,792 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\m_dispatcher.dll
MOD - [2010.02.03 09:49:20 | 000,057,344 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\ir_xfmr.dll
MOD - [2010.01.22 03:24:22 | 000,483,328 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\hgbuiltins.dll
MOD - [2010.01.19 12:34:24 | 000,014,336 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativemlint.dll
MOD - [2010.01.19 12:34:22 | 000,094,208 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativecmdwin.dll
MOD - [2010.01.19 12:34:22 | 000,027,648 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativelex.dll
MOD - [2010.01.19 12:34:20 | 001,363,968 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\instutil.dll
MOD - [2010.01.19 12:34:20 | 000,147,456 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativejmi.dll
MOD - [2010.01.18 23:47:00 | 000,126,976 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwbridge.dll
MOD - [2010.01.18 23:47:00 | 000,102,400 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwi18n.dll
MOD - [2010.01.18 23:47:00 | 000,013,824 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwMATLAB_res.dll
MOD - [2010.01.18 23:46:58 | 000,643,072 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_regex-vc80-mt-1_36.dll
MOD - [2010.01.18 23:46:58 | 000,348,160 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\mlint.dll
MOD - [2010.01.18 23:46:58 | 000,086,016 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_filesystem-vc80-mt-1_36.dll
MOD - [2010.01.18 23:46:58 | 000,065,536 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_signals-vc80-mt-1_36.dll
MOD - [2010.01.18 23:46:58 | 000,057,344 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_date_time-vc80-mt-1_36.dll
MOD - [2010.01.18 23:46:58 | 000,011,776 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_system-vc80-mt-1_36.dll
MOD - [2010.01.18 23:46:56 | 000,880,640 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwmathutil.dll
MOD - [2010.01.18 23:46:56 | 000,798,720 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\mlutil.dll
MOD - [2010.01.18 23:46:56 | 000,135,168 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwmathrng.dll
MOD - [2010.01.18 23:46:56 | 000,069,632 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwblas.dll
MOD - [2010.01.18 23:46:56 | 000,057,344 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwbinder.dll
MOD - [2010.01.18 23:46:56 | 000,049,152 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_thread-vc80-mt-1_36.dll
MOD - [2010.01.18 23:46:56 | 000,026,112 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativeservices.dll
MOD - [2010.01.18 23:46:56 | 000,025,600 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\mtok.dll
MOD - [2010.01.18 23:46:56 | 000,017,920 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\uinone.dll
MOD - [2010.01.18 23:46:54 | 000,368,640 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\profiler.dll
MOD - [2010.01.18 23:46:52 | 000,978,944 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\hgdatatypes.dll
MOD - [2010.01.18 23:46:52 | 000,421,888 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\hgutils.dll
MOD - [2010.01.18 23:46:52 | 000,208,896 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwlapack.dll
MOD - [2010.01.18 23:46:52 | 000,122,880 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativejava.dll
MOD - [2010.01.18 23:46:52 | 000,049,152 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativelmgr.dll
MOD - [2010.01.11 19:52:56 | 000,212,992 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwspmatrix.dll
MOD - [2010.01.11 19:52:52 | 000,009,216 | ---- | M] () -- C:\Programme\MATLAB\R2010a\toolbox\matlab\winfun\winqueryreg.mexw32
MOD - [2010.01.11 19:52:46 | 001,867,776 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libhdf5.dll
MOD - [2010.01.11 19:52:46 | 000,126,976 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libexpat.dll
MOD - [2010.01.11 19:52:46 | 000,027,648 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwamd.dll
MOD - [2010.01.11 19:52:46 | 000,023,552 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwcolamd.dll
MOD - [2010.01.11 19:52:44 | 000,425,984 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\iqm.dll
MOD - [2010.01.06 11:56:32 | 000,307,200 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwcholmod.dll
MOD - [2010.01.06 11:56:30 | 000,059,904 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\zlib1.dll
MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2009.02.27 17:01:20 | 007,589,888 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2009.02.27 16:42:30 | 000,049,152 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Weblink.DEU
MOD - [2009.02.27 16:42:26 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.02.27 16:42:04 | 000,057,344 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Search.DEU
MOD - [2009.02.27 16:40:40 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.02.27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 16:39:22 | 000,081,920 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\accessibility.DEU
MOD - [2009.02.27 12:56:34 | 000,016,768 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009.02.27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.01.18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\Shared files\richvideops.dll
MOD - [2008.06.19 13:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.12.11 07:19:40 | 001,204,224 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\Onix32.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.13 15:07:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.10 10:46:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe -- (STacSV)
SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\bouni\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.23 15:15:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.10.26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.19 22:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.16 10:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7E82651D-3339-4882-9925-8DEA2110B4C1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uzh.ch:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.ch/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "proxy.uzh.ch"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\bouni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\bouni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.07.31 21:30:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M]
 
[2011.08.06 18:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions
[2009.07.05 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.09.19 20:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions
[2012.08.24 11:53:52 | 000,005,143 | ---- | M] () (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\extensions\50374ef51ab48@50374ef51ab81.info.xpi
[2012.09.10 09:09:33 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-1.xml
[2010.06.24 11:16:05 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-10.xml
[2010.06.30 22:21:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-11.xml
[2010.07.23 14:49:29 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-12.xml
[2010.07.31 12:55:31 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-13.xml
[2010.09.14 23:23:27 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-14.xml
[2010.09.15 00:34:48 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-15.xml
[2010.10.19 00:14:40 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-16.xml
[2010.10.26 20:41:07 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-17.xml
[2010.11.03 15:44:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-18.xml
[2009.10.27 02:04:43 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-2.xml
[2009.10.31 14:52:58 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-3.xml
[2009.10.31 20:24:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-4.xml
[2009.12.17 15:08:15 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-5.xml
[2010.01.09 03:13:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-6.xml
[2010.02.22 13:36:01 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-7.xml
[2010.02.22 23:09:26 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-8.xml
[2010.04.08 16:29:00 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-9.xml
[2009.09.17 14:30:04 | 000,000,944 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin.xml
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.09.04 20:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.10 10:46:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:57:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 00:29:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 18:57:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 18:57:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 18:57:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 18:57:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.18 16:14:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [removeBearSharetoolbar] cmd.exe /c RD /S /Q "C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar" File not found
O4 - Startup: C:\Users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ABEAFE-2C63-4028-92C1-6054469D099F}: DhcpNameServer = 138.188.101.189 138.188.101.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6DB7DB-9D69-4D6A-A380-042076FFC470}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17B5496-B4DD-41C3-A52E-F53B3BB08079}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 12:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.19 12:26:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\bouni\Desktop\esetsmartinstaller_enu.exe
[2012.09.18 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\bouni\Documents\EatNow
[2012.09.18 19:07:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe
[2012.09.18 16:38:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012.09.18 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.09.18 16:18:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.18 16:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.18 16:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.18 16:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.18 16:00:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.09.18 15:59:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.09.18 15:56:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.18 15:56:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.18 15:43:51 | 004,753,347 | R--- | C] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe
[2012.09.17 16:26:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D}
[2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738}
[2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3}
[2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF}
[2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5}
[2012.09.13 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Roaming\Malwarebytes
[2012.09.13 16:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.13 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.13 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.13 15:35:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494}
[2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D}
[2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E}
[2012.09.10 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F}
[2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84}
[2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9}
[2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17}
[2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C}
[2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24}
[2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80}
[2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3}
[2012.08.20 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D81A48AD-FF8C-43BF-B4DB-3792419B850B}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 20:31:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 20:31:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 19:26:37 | 000,000,441 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.09.19 17:49:04 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
[2012.09.19 12:26:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\bouni\Desktop\esetsmartinstaller_enu.exe
[2012.09.19 10:35:01 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.19 10:31:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 10:31:43 | 3216,232,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 10:30:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.19 10:27:59 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
[2012.09.18 22:06:48 | 335,088,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.18 20:04:26 | 000,512,737 | ---- | M] () -- C:\Users\bouni\Desktop\adwcleaner.exe
[2012.09.18 20:01:03 | 000,088,396 | ---- | M] () -- C:\Users\bouni\Desktop\Problem2.JPG
[2012.09.18 19:07:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe
[2012.09.18 17:32:31 | 000,149,504 | ---- | M] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.18 16:34:44 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.18 16:34:26 | 000,673,660 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.09.18 16:34:26 | 000,667,136 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012.09.18 16:34:26 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.18 16:34:26 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.18 16:34:26 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.18 16:34:26 | 000,127,890 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.09.18 16:34:26 | 000,124,732 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012.09.18 16:34:26 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.18 16:14:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.18 15:44:22 | 004,753,347 | R--- | M] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe
[2012.09.17 17:05:24 | 000,302,592 | ---- | M] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.17 16:00:25 | 000,000,176 | ---- | M] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 16:23:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.03 01:39:35 | 000,007,592 | ---- | M] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2012.08.24 09:37:45 | 000,392,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.18 21:46:20 | 3216,232,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.18 20:04:20 | 000,512,737 | ---- | C] () -- C:\Users\bouni\Desktop\adwcleaner.exe
[2012.09.18 20:01:01 | 000,088,396 | ---- | C] () -- C:\Users\bouni\Desktop\Problem2.JPG
[2012.09.18 16:34:35 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.09.18 16:00:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.18 16:00:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.18 16:00:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.18 16:00:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.18 16:00:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.17 17:05:23 | 000,302,592 | ---- | C] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.17 15:59:59 | 000,000,176 | ---- | C] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 15:35:35 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.03 16:28:48 | 000,000,043 | ---- | C] () -- C:\Users\bouni\gsview32.ini
[2010.05.10 14:58:09 | 003,649,774 | ---- | C] () -- C:\Users\bouni\AppData\Local\tmp031.JPG
[2010.03.15 22:28:33 | 000,023,552 | ---- | C] () -- C:\Users\bouni\AppData\Local\WebpageIcons.db
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Chorus
[2010.03.01 20:10:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.03.01 20:10:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Classic Thick
[2010.03.01 20:10:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2010.03.01 20:07:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Trance Pad
[2010.03.01 19:56:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Themes
[2010.03.01 19:53:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009.10.09 07:13:49 | 000,000,331 | ---- | C] () -- C:\Users\bouni\Zuletzt besuchte Orte - Verknüpfung.lnk
[2009.05.24 23:57:44 | 000,007,592 | ---- | C] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2009.04.19 20:06:29 | 000,149,504 | ---- | C] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.15 17:34:37 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.04.15 17:31:02 | 000,000,020 | ---- | C] () -- C:\Users\bouni\ho.dir
[2009.04.15 17:21:04 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite
[2009.04.15 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DigitalPersona
[2012.09.19 10:35:28 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Dropbox
[2011.05.11 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\ICAClient
[2012.05.15 23:23:51 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Kalypso Media
[2011.05.01 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\LimeWire
[2009.11.08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\My Games
[2010.03.01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Nikon
[2011.07.31 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Swiss Academic Software
[2012.09.19 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\uTorrent
[2011.07.17 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\xm1
[2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
[2012.09.19 17:49:04 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
[2012.09.19 10:30:46 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 19.09.2012, 19:48   #28
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O4 - HKLM..\RunOnce: [removeBearSharetoolbar] cmd.exe /c RD /S /Q "C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar" File not found
[2012.09.17 17:05:24 | 000,302,592 | ---- | M] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.19 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\uTorrent
:Commands
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.



Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





OTL öffnen und Cleanup Button drücken.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.09.2012, 20:18   #29
Schwizer
 
Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



OTL hat irgendwann nicht mehr richtig funktioniert und musste geschlossen werden, habe dann den admin benutzer abgemeldet und wieder angemeldet (über den taskmanager). anschliessend war folgendes textfilge offen:

Files\Folders moved on Reboot...
C:\Users\bouni\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

war das nur ein fehler vor dem neustart des rechners? ich werde jetzt auf alle fälle kurz nochmals einen neustart machen. soll ich gleich mit dem zweiten punkt fortfahren?

beim neustart kam jetzt die fehlermeldung, dass aplle photostream exe nicht mehr funktioniere... kann kein entsprechendes file finden...

Alt 19.09.2012, 20:56   #30
schrauber
/// the machine
/// TB-Ausbilder
 

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Standard

Bundespolizei Trojaner: Systemwiederherstellung durchgeführt



Installier das Program mal neu. Davon wurde nix entfernt . Und ja den rest kannste abarbeiten .
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Bundespolizei Trojaner: Systemwiederherstellung durchgeführt
anti-malware, beste, besten, bräuchte, durchgeführt, einfach, eingefangen, entferne, entfernen, gemerkt, gen, google, guten, komplett, komplett entfernen, komplette, laufen, malwarebytes, miteinander, quarantäne, resultate, scan, stelle, systemwiederherstellung, trojaner



Ähnliche Themen: Bundespolizei Trojaner: Systemwiederherstellung durchgeführt


  1. Bundespolizei Trojaner - Weitere Schritte nach Systemwiederherstellung
    Log-Analyse und Auswertung - 04.06.2013 (18)
  2. GVU Trojaner, Win 7, Systemwiederherstellung durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (11)
  3. Bundespolizei Trojaner - Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (2)
  4. Wie lösche ich endgültig den GVU-Trojaner? Systemwiederherstellung bereits durchgeführt.
    Plagegeister aller Art und deren Bekämpfung - 19.10.2012 (1)
  5. Bundespolizei Trojaner - Systemwiederherstellung
    Log-Analyse und Auswertung - 16.10.2012 (1)
  6. Bundespolizei-Trojaner mit Windows-Systemwiederherstellung bearbeitet ?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (32)
  7. BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?
    Log-Analyse und Auswertung - 26.07.2012 (1)
  8. S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?
    Log-Analyse und Auswertung - 25.07.2012 (30)
  9. BKA-Trojaner / Systemwiederherstellung durchgeführt / OTL.txt & EXTRAS.txt
    Log-Analyse und Auswertung - 25.07.2012 (2)
  10. Hatte einen Virus oder Wurm und habe Systemwiederherstellung durchgeführt!
    Log-Analyse und Auswertung - 23.07.2012 (1)
  11. Bundespolizei-Trojaner - Systemwiederherstellung durchgeführt - Sytem sauber? logs inside
    Log-Analyse und Auswertung - 19.07.2012 (28)
  12. Bundespolizei Trojaner - weg nach Systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  13. Bundespolizei Trojaner Otl-Scan wurde durchgeführt, brauche Hilfe!
    Log-Analyse und Auswertung - 19.03.2012 (9)
  14. Trojaner 'System check' eingefangen, Sony Vaio Systemwiederherstellung durchgeführt -> ausreichend?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (4)
  15. Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm
    Log-Analyse und Auswertung - 02.03.2012 (27)
  16. Bundespolizei Trojaner Systemwiederherstellung und jetzt?
    Plagegeister aller Art und deren Bekämpfung - 18.02.2012 (30)
  17. Bundespolizei-Trojaner nach Systemwiederherstellung
    Log-Analyse und Auswertung - 12.08.2011 (34)

Zum Thema Bundespolizei Trojaner: Systemwiederherstellung durchgeführt - Schließe alle offenen Programme und Browser. Starte die adwcleaner.exe mit einem Doppelklick. Klicke auf Löschen . Bestätige jeweils mit Ok . Dein Rechner wird neu gestartet. Nach dem Neustart öffnet - Bundespolizei Trojaner: Systemwiederherstellung durchgeführt...
Archiv
Du betrachtest: Bundespolizei Trojaner: Systemwiederherstellung durchgeführt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.