Log Analysis and Evaluation: Bundespolizei Trojaner: System Restore performed (Windows 7)
18.09.2012, 19:38 | #16
/// the machine /// TB-Ausbilder
Did you start aswMBR with a right-click? Try again, and when it asks whether to scan with the Avast engine, click No.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
18.09.2012, 21:21 | #17
I started aswMBR with a double-click (I had closed all open programs), but then gave aswMBR permission to run as admin.
On the last run, the computer was shut down to protect it from damage (blue error message across the whole screen). Somehow this program doesn't run correctly on my machine... Honestly, I don't want to run it again, since my computer was killed off quite harshly.
18.09.2012, 21:22 | #18
/// the machine /// TB-Ausbilder
OK, then just the other one.
18.09.2012, 21:44 | #19
I've already posted the other one. Many thanks.
19.09.2012, 04:43 | #20
/// the machine /// TB-Ausbilder
Nope, the AdwCleaner step with deletion is missing. And then please a fresh OTL logfile.
19.09.2012, 09:44 | #21
Sorry, I wasn't quite on top of things yesterday.
Code:
# AdwCleaner v2.002 - Datei am 09/19/2012 um 10:30:17 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : bouni - BOUNIS_SKLAVE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\bouni\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\searchplugins\daemon-search.xml
Datei Gelöscht : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\searchplugins\SearchResults.xml
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\bouni\AppData\Local\bearshare
Ordner Gelöscht : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\not admin\AppData\LocalLow\Conduit

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\Software\Conduit
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\prefs.js

C:\Users\bouni\AppData\Roaming\Mozilla\Firefox\Profiles\wjdi8igd.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "P2P Max DE Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("extensions.50374ef51abf6.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...]
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=297&systemid=2&q=");

Profilname : default
Datei : C:\Users\not admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l1nb8iv.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\z07ogyjd.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4105 octets] - [18/09/2012 20:05:06]
AdwCleaner[S1].txt - [4463 octets] - [19/09/2012 10:30:17]

########## EOF - C:\AdwCleaner[S1].txt - [4523 octets] ##########
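An added example, not code from the thread or from AdwCleaner itself: a small parser for the AdwCleaner report format posted above. It turns each action line into a record, counts what was removed per report section, and singles out the two things a responder reads first in such a report: the registry locations that gave the adware code execution (AppInit_DLLs and the Run key) and the hosts of the hijacked search URLs. The excerpt it parses is constructed from lines of the report above; the function names and the "pref" label for browser-setting lines are my own.

```python
import re
from collections import Counter

# Constructed excerpt of the AdwCleaner[S1].txt report posted in the thread (German-locale build).
REPORT = r"""# AdwCleaner v2.002 - Datei am 09/19/2012 um 10:30:17 erstellt
# Option [Löschen]

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Ordner Gelöscht : C:\Users\bouni\AppData\Local\bearshare

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&Sea[...]
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=297&systemid=2&q=");
"""

SECTION_RE = re.compile(r"^\*{4,}\s*\[(?P<name>.+?)\]\s*\*{4,}\s*$")   # ***** [Name] *****
BROWSER_RE = re.compile(r"^-\\\\\s*(?P<name>.+?)\s*$")                 # -\\ Browser vX.Y
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>Datei|Ordner|Schlüssel|Wert|Daten)\s+)?"
    r"(?P<action>Gelöscht|Wiederhergestellt)\s*:\s*(?P<target>.+?)\s*$"
)
# Registry locations that load code at logon or process start: a hit here means the
# adware had real persistence on the host, not merely a changed browser setting.
PERSISTENCE_RE = re.compile(r"AppInit_DLLs|\\CurrentVersion\\Run\b", re.IGNORECASE)
# AdwCleaner defangs URLs as hxxp://; capture only the host part.
DEFANGED_URL_RE = re.compile(r"hxxps?://([^/\"&?\s]+)", re.IGNORECASE)


def parse_report(text):
    """Return one dict per action line: section, browser, kind, action, target."""
    findings, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and the header block
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name"), None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            findings.append({
                "section": section,
                "browser": browser,
                # Lines under a browser heading carry no type prefix; label them "pref".
                "kind": m.group("kind") or ("pref" if browser else None),
                "action": m.group("action"),
                "target": m.group("target"),
            })
    return findings


def flag_persistence(findings):
    """Registry entries that gave the adware code execution (AppInit_DLLs, Run key)."""
    return [f["target"] for f in findings
            if f["section"] == "Registrierungsdatenbank" and PERSISTENCE_RE.search(f["target"])]


def hijacked_hosts(findings):
    """Hosts of the search/redirect URLs that AdwCleaner removed from browser settings."""
    hosts = set()
    for f in findings:
        if f["browser"]:
            hosts.update(h.lower() for h in DEFANGED_URL_RE.findall(f["target"]))
    return hosts


def summarize(findings):
    """Count actions per report section, e.g. {('Registrierungsdatenbank', 'Gelöscht'): 3}."""
    return Counter((f["section"], f["action"]) for f in findings)


if __name__ == "__main__":
    found = parse_report(REPORT)
    for (section, action), n in sorted(summarize(found).items()):
        print(f"{section:<24} {action:<18} {n}")
    print("persistence:", flag_persistence(found))
    print("hijack hosts:", sorted(hijacked_hosts(found)))
```

Feed it the full report instead of the excerpt and the per-section counts show at a glance whether a run touched only browser settings or also code-loading registry locations, which is what decides whether a fresh OTL log is worth asking for.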
19.09.2012, 10:30 | #22
/// the machine /// TB-Ausbilder
Please post another fresh OTL logfile. Any more problems with the computer?
19.09.2012, 10:56 | #23
My computer makes a pretty good impression. Is it clean again now? OTL logfile:
Code:
ATTFilter OTL logfile created on: 19.09.2012 11:45:27 - Run 2 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\bouni\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 55.54% Memory free 6.19 Gb Paging File | 4.78 Gb Available in Paging File | 77.26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286.54 Gb Total Space | 49.73 Gb Free Space | 17.36% Space Free | Partition Type: NTFS Drive D: | 11.54 Gb Total Space | 1.28 Gb Free Space | 11.13% Space Free | Partition Type: NTFS Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) 
-- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe PRC - [2008.10.26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) 
-- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008.07.14 19:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe PRC - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe PRC - [2008.06.19 13:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.06.19 13:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) 
-- C:\Programme\WinZip\WZQKPICK.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.14 03:44:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll MOD - [2012.06.14 03:40:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 03:40:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.14 03:40:13 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012.06.14 03:39:16 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.05.12 18:29:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.11 15:13:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.11 15:12:28 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll MOD - [2012.05.11 15:12:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 15:11:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012.05.11 15:11:39 | 007,953,408 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.11 15:10:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- 
C:\Programme\CyberLink\Shared files\richvideops.dll MOD - [2008.06.19 13:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll ========== Services (SafeList) ========== SRV - [2012.09.13 15:07:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.10 10:46:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) SRV - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe -- (STacSV) SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) 
[Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe -- (AESTFilters) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\bouni\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.03.23 15:15:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.10.26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2008.09.19 22:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.09.16 10:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] 
(Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = 
hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{7E82651D-3339-4882-9925-8DEA2110B4C1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms} IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uzh.ch:3128 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "proxy.uzh.ch" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\bouni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\bouni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 17:30:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.07.31 21:30:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.04.15 17:30:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M] [2011.08.06 18:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions [2009.07.05 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.08.24 11:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions [2011.08.06 18:19:53 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [2012.08.24 11:53:52 | 000,005,143 | ---- | M] () (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\extensions\50374ef51ab48@50374ef51ab81.info.xpi [2012.09.10 09:09:33 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-1.xml [2010.06.24 11:16:05 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-10.xml [2010.06.30 22:21:36 | 000,000,950 | ---- | M] () -- 
C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-11.xml [2010.07.23 14:49:29 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-12.xml [2010.07.31 12:55:31 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-13.xml [2010.09.14 23:23:27 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-14.xml [2010.09.15 00:34:48 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-15.xml [2010.10.19 00:14:40 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-16.xml [2010.10.26 20:41:07 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-17.xml [2010.11.03 15:44:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-18.xml [2009.10.27 02:04:43 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-2.xml [2009.10.31 14:52:58 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-3.xml [2009.10.31 20:24:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-4.xml [2009.12.17 15:08:15 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-5.xml [2010.01.09 03:13:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-6.xml [2010.02.22 
13:36:01 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-7.xml [2010.02.22 23:09:26 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-8.xml [2010.04.08 16:29:00 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-9.xml [2009.09.17 14:30:04 | 000,000,944 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin.xml [2012.09.10 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.10 10:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.09.04 20:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.09.10 10:46:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.19 18:57:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 00:29:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.19 18:57:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 18:57:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 18:57:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 18:57:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.09.18 16:14:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll () O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ABEAFE-2C63-4028-92C1-6054469D099F}: DhcpNameServer = 138.188.101.189 138.188.101.186 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6DB7DB-9D69-4D6A-A380-042076FFC470}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17B5496-B4DD-41C3-A52E-F53B3BB08079}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 
000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.18 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\bouni\Documents\EatNow [2012.09.18 19:07:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe [2012.09.18 16:38:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP [2012.09.18 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.09.18 16:18:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.09.18 16:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.18 16:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.18 16:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.18 16:00:08 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.09.18 15:59:14 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.09.18 15:56:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.18 15:56:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.18 15:43:51 | 004,753,347 | R--- | C] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe [2012.09.17 16:26:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe [2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D} [2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738} [2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3} [2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- 
C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF} [2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5} [2012.09.13 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Roaming\Malwarebytes [2012.09.13 16:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.13 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.13 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.13 15:35:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494} [2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D} [2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E} [2012.09.10 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F} [2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84} [2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9} [2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17} [2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C} [2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24} [2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80} [2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- 
C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3} [2012.08.20 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D81A48AD-FF8C-43BF-B4DB-3792419B850B} ========== Files - Modified Within 30 Days ========== [2012.09.19 11:49:04 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job [2012.09.19 10:35:01 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.19 10:32:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.19 10:32:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.19 10:31:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.19 10:31:43 | 3216,232,448 | -HS- | M] () -- C:\hiberfil.sys [2012.09.19 10:30:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.19 10:27:59 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job [2012.09.18 22:06:48 | 335,088,670 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.18 20:04:26 | 000,512,737 | ---- | M] () -- C:\Users\bouni\Desktop\adwcleaner.exe [2012.09.18 20:01:03 | 000,088,396 | ---- | M] () -- C:\Users\bouni\Desktop\Problem2.JPG [2012.09.18 19:07:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe [2012.09.18 17:32:31 | 000,149,504 | ---- | M] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.18 16:34:44 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.09.18 16:34:26 | 000,673,660 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2012.09.18 16:34:26 | 000,667,136 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2012.09.18 16:34:26 | 000,634,352 | ---- | M] 
() -- C:\Windows\System32\perfh007.dat [2012.09.18 16:34:26 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.18 16:34:26 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.18 16:34:26 | 000,127,890 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2012.09.18 16:34:26 | 000,124,732 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2012.09.18 16:34:26 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.18 16:14:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.09.18 15:44:22 | 004,753,347 | R--- | M] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe [2012.09.17 17:49:20 | 000,000,441 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.09.17 17:05:24 | 000,302,592 | ---- | M] () -- C:\Users\bouni\Desktop\eomlqucp.exe [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe [2012.09.17 16:00:25 | 000,000,176 | ---- | M] () -- C:\Users\bouni\defogger_reenable [2012.09.15 16:23:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job [2012.09.13 15:35:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.03 01:39:35 | 000,007,592 | ---- | M] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat [2012.08.24 09:37:45 | 000,392,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.09.18 21:46:20 | 3216,232,448 | -HS- | C] () -- C:\hiberfil.sys [2012.09.18 20:04:20 | 000,512,737 | ---- | C] () -- C:\Users\bouni\Desktop\adwcleaner.exe [2012.09.18 20:01:01 | 000,088,396 | ---- | C] () -- C:\Users\bouni\Desktop\Problem2.JPG [2012.09.18 16:34:35 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.09.18 16:00:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.18 16:00:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.18 16:00:12 | 000,098,816 | 
---- | C] () -- C:\Windows\sed.exe [2012.09.18 16:00:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.18 16:00:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.17 17:05:23 | 000,302,592 | ---- | C] () -- C:\Users\bouni\Desktop\eomlqucp.exe [2012.09.17 15:59:59 | 000,000,176 | ---- | C] () -- C:\Users\bouni\defogger_reenable [2012.09.15 15:35:35 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job [2012.09.13 15:35:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.05.03 16:28:48 | 000,000,043 | ---- | C] () -- C:\Users\bouni\gsview32.ini [2010.07.31 13:19:02 | 001,102,070 | ---- | C] () -- C:\Users\bouni\Foto.JPG [2010.05.10 14:58:09 | 003,649,774 | ---- | C] () -- C:\Users\bouni\AppData\Local\tmp031.JPG [2010.03.17 17:26:01 | 002,220,931 | ---- | C] () -- C:\Users\bouni\Jahresergebnis Swissquote 2009.pdf [2010.03.15 22:28:33 | 000,023,552 | ---- | C] () -- C:\Users\bouni\AppData\Local\WebpageIcons.db [2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips [2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Chorus [2010.03.01 20:10:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2010.03.01 20:10:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section [2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa [2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Classic Thick [2010.03.01 20:10:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic [2010.03.01 20:07:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks [2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Trance Pad [2010.03.01 19:56:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction 
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Themes [2010.03.01 19:53:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.10.09 07:13:49 | 000,000,331 | ---- | C] () -- C:\Users\bouni\Zuletzt besuchte Orte - Verknüpfung.lnk [2009.05.24 23:57:44 | 000,007,592 | ---- | C] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat [2009.04.19 20:06:29 | 000,149,504 | ---- | C] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.15 17:34:37 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.04.15 17:31:02 | 000,000,020 | ---- | C] () -- C:\Users\bouni\ho.dir [2009.04.15 17:21:04 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite [2009.04.15 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DigitalPersona [2012.09.19 10:35:28 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Dropbox [2011.05.11 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\ICAClient [2012.05.15 23:23:51 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Kalypso Media [2011.05.01 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\LimeWire [2009.11.08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\My Games [2010.03.01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Nikon [2011.07.31 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Swiss Academic Software [2012.08.24 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\uTorrent [2011.07.17 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\xm1 [2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job [2012.09.19 11:49:04 | 000,001,138 | ---- | M] () -- 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job [2012.09.19 10:30:46 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
19.09.2012, 11:19 | #24 |
/// the machine /// TB-Ausbilder | Bundespolizei Trojan: system restore performed. Looks good; now we scan for remnants and then we clean up: ESET Online Scanner
And then a fresh OTL logfile.
__________________ regards, schrauber |
19.09.2012, 15:30 | #25 |
| Bundespolizei Trojan: system restore performed. Here is what ESET found: Code:
ATTFilter
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application
C:\Users\bouni\Downloads\SoftonicDownloader_fuer_utorrent.exe a variant of Win32/SoftonicDownloader.A application
The new OTL logfile: Code:
ATTFilter OTL logfile created on: 19.09.2012 16:15:52 - Run 3 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\bouni\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.23% Memory free 6.19 Gb Paging File | 4.62 Gb Available in Paging File | 74.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286.54 Gb Total Space | 48.85 Gb Free Space | 17.05% Space Free | Partition Type: NTFS Drive D: | 11.54 Gb Total Space | 1.28 Gb Free Space | 11.13% Space Free | Partition Type: NTFS Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe PRC - [2012.09.10 10:46:33 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) 
-- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe PRC - [2008.10.26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) 
-- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008.07.14 19:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe PRC - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe PRC - [2008.06.19 13:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.06.19 13:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) 
-- C:\Programme\WinZip\WZQKPICK.EXE
========== Modules (No Company Name) ==========
MOD - [2012.09.10 10:46:02 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 03:44:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 03:40:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:40:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 03:40:13 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 03:39:16 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.12 18:29:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 15:13:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 15:12:28 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.11 15:12:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 15:11:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 15:11:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 15:10:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.17 20:35:51 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\Shared files\richvideops.dll
MOD - [2008.06.19 13:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
========== Services (SafeList) ==========
SRV - [2012.09.13 15:07:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.10 10:46:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe -- (STacSV)
SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\bouni\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.23 15:15:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.10.26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.19 22:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.16 10:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{7E82651D-3339-4882-9925-8DEA2110B4C1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uzh.ch:3128
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "proxy.uzh.ch"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\bouni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\bouni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.07.31 21:30:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.04.15 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M]
[2011.08.06 18:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions
[2009.07.05 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.08.24 11:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions
[2011.08.06 18:19:53 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2012.08.24 11:53:52 | 000,005,143 | ---- | M] () (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\extensions\50374ef51ab48@50374ef51ab81.info.xpi
[2012.09.10 09:09:33 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-1.xml
[2010.06.24 11:16:05 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-10.xml
[2010.06.30 22:21:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-11.xml
[2010.07.23 14:49:29 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-12.xml
[2010.07.31 12:55:31 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-13.xml
[2010.09.14 23:23:27 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-14.xml
[2010.09.15 00:34:48 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-15.xml
[2010.10.19 00:14:40 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-16.xml
[2010.10.26 20:41:07 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-17.xml
[2010.11.03 15:44:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-18.xml
[2009.10.27 02:04:43 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-2.xml
[2009.10.31 14:52:58 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-3.xml
[2009.10.31 20:24:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-4.xml
[2009.12.17 15:08:15 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-5.xml
[2010.01.09 03:13:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-6.xml
[2010.02.22 13:36:01 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-7.xml
[2010.02.22 23:09:26 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-8.xml
[2010.04.08 16:29:00 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-9.xml
[2009.09.17 14:30:04 | 000,000,944 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin.xml
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.10 10:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.09.04 20:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.10 10:46:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:57:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 00:29:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 18:57:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 18:57:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 18:57:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 18:57:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.09.18 16:14:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programme\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ABEAFE-2C63-4028-92C1-6054469D099F}: DhcpNameServer = 138.188.101.189 138.188.101.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6DB7DB-9D69-4D6A-A380-042076FFC470}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17B5496-B4DD-41C3-A52E-F53B3BB08079}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.19 12:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.19 12:26:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\bouni\Desktop\esetsmartinstaller_enu.exe
[2012.09.18 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\bouni\Documents\EatNow
[2012.09.18 19:07:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe
[2012.09.18 16:38:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012.09.18 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.09.18 16:18:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.18 16:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.18 16:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.18 16:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.18 16:00:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.09.18 15:59:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.09.18 15:56:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.18 15:56:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.18 15:43:51 | 004,753,347 | R--- | C] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe
[2012.09.17 16:26:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D}
[2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738}
[2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3}
[2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF}
[2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5}
[2012.09.13 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Roaming\Malwarebytes
[2012.09.13 16:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.13 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.13 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.13 15:35:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494}
[2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D}
[2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E}
[2012.09.10 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F}
[2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84}
[2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9}
[2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17}
[2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C}
[2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24}
[2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80}
[2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3}
[2012.08.20 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D81A48AD-FF8C-43BF-B4DB-3792419B850B}
========== Files - Modified Within 30 Days ==========
[2012.09.19 14:49:09 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
[2012.09.19 14:31:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 14:31:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 12:26:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\bouni\Desktop\esetsmartinstaller_enu.exe
[2012.09.19 12:19:49 | 000,000,441 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.09.19 10:35:01 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.19 10:31:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 10:31:43 | 3216,232,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 10:30:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.19 10:27:59 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
[2012.09.18 22:06:48 | 335,088,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.18 20:04:26 | 000,512,737 | ---- | M] () -- C:\Users\bouni\Desktop\adwcleaner.exe
[2012.09.18 20:01:03 | 000,088,396 | ---- | M] () -- C:\Users\bouni\Desktop\Problem2.JPG
[2012.09.18 19:07:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe
[2012.09.18 17:32:31 | 000,149,504 | ---- | M] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.18 16:34:44 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.18 16:34:26 | 000,673,660 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.09.18 16:34:26 | 000,667,136 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012.09.18 16:34:26 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.18 16:34:26 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.18 16:34:26 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.18 16:34:26 | 000,127,890 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.09.18 16:34:26 | 000,124,732 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012.09.18 16:34:26 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.18 16:14:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.09.18 15:44:22 | 004,753,347 | R--- | M] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe
[2012.09.17 17:05:24 | 000,302,592 | ---- | M] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe
[2012.09.17 16:00:25 | 000,000,176 | ---- | M] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 16:23:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.03 01:39:35 | 000,007,592 | ---- | M] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2012.08.24 09:37:45 | 000,392,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012.09.18 21:46:20 | 3216,232,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.18 20:04:20 | 000,512,737 | ---- | C] () -- C:\Users\bouni\Desktop\adwcleaner.exe
[2012.09.18 20:01:01 | 000,088,396 | ---- | C] () -- C:\Users\bouni\Desktop\Problem2.JPG
[2012.09.18 16:34:35 | 
000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.09.18 16:00:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.18 16:00:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.18 16:00:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.09.18 16:00:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.18 16:00:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.17 17:05:23 | 000,302,592 | ---- | C] () -- C:\Users\bouni\Desktop\eomlqucp.exe [2012.09.17 15:59:59 | 000,000,176 | ---- | C] () -- C:\Users\bouni\defogger_reenable [2012.09.15 15:35:35 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job [2012.09.13 15:35:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.05.03 16:28:48 | 000,000,043 | ---- | C] () -- C:\Users\bouni\gsview32.ini [2010.07.31 13:19:02 | 001,102,070 | ---- | C] () -- C:\Users\bouni\Foto.JPG [2010.05.10 14:58:09 | 003,649,774 | ---- | C] () -- C:\Users\bouni\AppData\Local\tmp031.JPG [2010.03.17 17:26:01 | 002,220,931 | ---- | C] () -- C:\Users\bouni\Jahresergebnis Swissquote 2009.pdf [2010.03.15 22:28:33 | 000,023,552 | ---- | C] () -- C:\Users\bouni\AppData\Local\WebpageIcons.db [2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips [2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Chorus [2010.03.01 20:10:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2010.03.01 20:10:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section [2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa [2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Classic Thick [2010.03.01 20:10:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic [2010.03.01 20:07:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () 
-- C:\ProgramData\Tribal Masks [2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Trance Pad [2010.03.01 19:56:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction [2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Themes [2010.03.01 19:53:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.10.09 07:13:49 | 000,000,331 | ---- | C] () -- C:\Users\bouni\Zuletzt besuchte Orte - Verknüpfung.lnk [2009.05.24 23:57:44 | 000,007,592 | ---- | C] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat [2009.04.19 20:06:29 | 000,149,504 | ---- | C] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.15 17:34:37 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.04.15 17:31:02 | 000,000,020 | ---- | C] () -- C:\Users\bouni\ho.dir [2009.04.15 17:21:04 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite [2009.04.15 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DigitalPersona [2012.09.19 10:35:28 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Dropbox [2011.05.11 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\ICAClient [2012.05.15 23:23:51 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Kalypso Media [2011.05.01 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\LimeWire [2009.11.08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\My Games [2010.03.01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Nikon [2011.07.31 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Swiss Academic Software [2012.08.24 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\uTorrent 
[2011.07.17 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\xm1 [2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job [2012.09.19 14:49:09 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job [2012.09.19 10:30:46 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Last edited by Schwizer (19.09.2012 at 16:20) |
19.09.2012, 18:58 | #26 |
/// the machine /// TB-Ausbilder | Bundespolizei Trojan: system restore performed Please uninstall Bearshare MediaBar and uTorrent. Please delete the one file in the Downloads folder and empty the Recycle Bin. Then please post a fresh OTL logfile again. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
19.09.2012, 19:40 | #27 |
| Bundespolizei Trojan: system restore performed uTorrent and Mediabar uninstalled, file in the Downloads folder deleted and Recycle Bin emptied. My computer makes a pretty healthy impression. Nothing really stands out to me anymore. Here is the OTL logfile: Code:
ATTFilter OTL logfile created on: 19.09.2012 20:29:03 - Run 4 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\bouni\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 34.12% Memory free 6.19 Gb Paging File | 4.06 Gb Available in Paging File | 65.57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286.54 Gb Total Space | 63.62 Gb Free Space | 22.20% Space Free | Partition Type: NTFS Drive D: | 11.54 Gb Total Space | 1.28 Gb Free Space | 11.13% Space Free | Partition Type: NTFS Computer Name: BOUNIS_SKLAVE | User Name: bouni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe PRC - [2012.09.10 10:46:33 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) 
-- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012.02.17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.12.14 16:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe PRC - [2010.01.18 19:17:54 | 000,151,552 | ---- | M] (The MathWorks Inc.) -- C:\Programme\MATLAB\R2010a\bin\win32\MATLAB.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.12.16 17:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) 
-- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe PRC - [2008.10.26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Programme\SMINST\BLService.exe PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe PRC - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008.07.14 19:15:10 | 000,814,144 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe PRC - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe PRC - [2008.06.19 13:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.06.19 13:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2001.12.29 09:10:00 | 000,106,561 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.) 
-- C:\Programme\WinZip\WZQKPICK.EXE ========== Modules (No Company Name) ========== MOD - [2012.09.10 10:46:02 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.14 03:44:08 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll MOD - [2012.06.14 03:40:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 03:40:28 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.14 03:40:13 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012.06.14 03:39:16 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.05.12 18:29:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.11 15:13:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.11 15:12:28 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll MOD - [2012.05.11 15:12:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012.05.11 15:11:43 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - 
[2012.05.11 15:11:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.11 15:10:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.10.17 20:35:51 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.12.21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010.02.05 18:47:16 | 000,385,024 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\xmlcore.dll MOD - [2010.02.05 18:47:12 | 001,429,504 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\mcos.dll MOD - [2010.02.05 18:47:12 | 000,516,096 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwfl.dll MOD - [2010.02.05 18:47:12 | 000,417,792 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\m_dispatcher.dll MOD - [2010.02.03 09:49:20 | 000,057,344 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\ir_xfmr.dll MOD - [2010.01.22 03:24:22 | 000,483,328 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\hgbuiltins.dll MOD - [2010.01.19 12:34:24 | 000,014,336 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativemlint.dll MOD - [2010.01.19 12:34:22 | 000,094,208 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativecmdwin.dll MOD - [2010.01.19 12:34:22 | 000,027,648 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativelex.dll MOD - [2010.01.19 12:34:20 | 001,363,968 | ---- | M] () -- 
C:\Programme\MATLAB\R2010a\bin\win32\instutil.dll MOD - [2010.01.19 12:34:20 | 000,147,456 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativejmi.dll MOD - [2010.01.18 23:47:00 | 000,126,976 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwbridge.dll MOD - [2010.01.18 23:47:00 | 000,102,400 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwi18n.dll MOD - [2010.01.18 23:47:00 | 000,013,824 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwMATLAB_res.dll MOD - [2010.01.18 23:46:58 | 000,643,072 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_regex-vc80-mt-1_36.dll MOD - [2010.01.18 23:46:58 | 000,348,160 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\mlint.dll MOD - [2010.01.18 23:46:58 | 000,086,016 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_filesystem-vc80-mt-1_36.dll MOD - [2010.01.18 23:46:58 | 000,065,536 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_signals-vc80-mt-1_36.dll MOD - [2010.01.18 23:46:58 | 000,057,344 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_date_time-vc80-mt-1_36.dll MOD - [2010.01.18 23:46:58 | 000,011,776 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_system-vc80-mt-1_36.dll MOD - [2010.01.18 23:46:56 | 000,880,640 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwmathutil.dll MOD - [2010.01.18 23:46:56 | 000,798,720 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\mlutil.dll MOD - [2010.01.18 23:46:56 | 000,135,168 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwmathrng.dll MOD - [2010.01.18 23:46:56 | 000,069,632 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwblas.dll MOD - [2010.01.18 23:46:56 | 000,057,344 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwbinder.dll MOD - [2010.01.18 23:46:56 | 000,049,152 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\boost_thread-vc80-mt-1_36.dll MOD - [2010.01.18 23:46:56 | 000,026,112 | ---- | M] () -- 
C:\Programme\MATLAB\R2010a\bin\win32\nativeservices.dll MOD - [2010.01.18 23:46:56 | 000,025,600 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\mtok.dll MOD - [2010.01.18 23:46:56 | 000,017,920 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\uinone.dll MOD - [2010.01.18 23:46:54 | 000,368,640 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\profiler.dll MOD - [2010.01.18 23:46:52 | 000,978,944 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\hgdatatypes.dll MOD - [2010.01.18 23:46:52 | 000,421,888 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\hgutils.dll MOD - [2010.01.18 23:46:52 | 000,208,896 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwlapack.dll MOD - [2010.01.18 23:46:52 | 000,122,880 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativejava.dll MOD - [2010.01.18 23:46:52 | 000,049,152 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\nativelmgr.dll MOD - [2010.01.11 19:52:56 | 000,212,992 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwspmatrix.dll MOD - [2010.01.11 19:52:52 | 000,009,216 | ---- | M] () -- C:\Programme\MATLAB\R2010a\toolbox\matlab\winfun\winqueryreg.mexw32 MOD - [2010.01.11 19:52:46 | 001,867,776 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libhdf5.dll MOD - [2010.01.11 19:52:46 | 000,126,976 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libexpat.dll MOD - [2010.01.11 19:52:46 | 000,027,648 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwamd.dll MOD - [2010.01.11 19:52:46 | 000,023,552 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwcolamd.dll MOD - [2010.01.11 19:52:44 | 000,425,984 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\iqm.dll MOD - [2010.01.06 11:56:32 | 000,307,200 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\libmwcholmod.dll MOD - [2010.01.06 11:56:30 | 000,059,904 | ---- | M] () -- C:\Programme\MATLAB\R2010a\bin\win32\zlib1.dll MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- 
C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll MOD - [2009.02.27 17:01:20 | 007,589,888 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU MOD - [2009.02.27 16:42:30 | 000,049,152 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Weblink.DEU MOD - [2009.02.27 16:42:26 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU MOD - [2009.02.27 16:42:04 | 000,057,344 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Search.DEU MOD - [2009.02.27 16:40:40 | 000,102,400 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu MOD - [2009.02.27 16:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU MOD - [2009.02.27 16:39:22 | 000,081,920 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\accessibility.DEU MOD - [2009.02.27 12:56:34 | 000,016,768 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2009.02.27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | 
M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2009.01.18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\Shared files\richvideops.dll MOD - [2008.06.19 13:10:46 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.12.11 07:19:40 | 001,204,224 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\Onix32.dll MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll ========== Services (SafeList) ========== SRV - [2012.09.13 15:07:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.10 10:46:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft 
Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) SRV - [2008.10.26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\stacsv.exe -- (STacSV) SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.09.16 10:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008.07.14 19:15:10 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) 
[Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_408c4e5a\AEstSrv.exe -- (AESTFilters) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\bouni\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.08.02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.03.23 15:15:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.10.26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2008.09.19 22:21:00 | 007,404,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.09.16 10:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] 
(Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = hxxp://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*hxxp://www.yahoo.com/ext/search/search.html IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2FA475CC-D5AC-45D5-8E4F-C87F8622E920}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcnnbie7-de-ch IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - 
HKCU\..\SearchScopes\{7E82651D-3339-4882-9925-8DEA2110B4C1}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=297&systemid=2&q={searchTerms} IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uzh.ch:3128 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.ch/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "proxy.uzh.ch" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\bouni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\bouni\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 17:30:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.07.31 21:30:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2009.04.15 17:30:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:46:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 17:32:32 | 000,000,000 | ---D | M] [2011.08.06 18:20:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions [2009.07.05 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.09.19 20:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\Firefox\Profiles\wjdi8igd.default\extensions [2012.08.24 11:53:52 | 000,005,143 | ---- | M] () (No name found) -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\extensions\50374ef51ab48@50374ef51ab81.info.xpi [2012.09.10 09:09:33 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-1.xml [2010.06.24 11:16:05 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-10.xml [2010.06.30 22:21:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-11.xml [2010.07.23 14:49:29 | 000,000,950 | ---- | M] () -- 
C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-12.xml [2010.07.31 12:55:31 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-13.xml [2010.09.14 23:23:27 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-14.xml [2010.09.15 00:34:48 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-15.xml [2010.10.19 00:14:40 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-16.xml [2010.10.26 20:41:07 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-17.xml [2010.11.03 15:44:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-18.xml [2009.10.27 02:04:43 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-2.xml [2009.10.31 14:52:58 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-3.xml [2009.10.31 20:24:36 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-4.xml [2009.12.17 15:08:15 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-5.xml [2010.01.09 03:13:24 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-6.xml [2010.02.22 13:36:01 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-7.xml [2010.02.22 
23:09:26 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-8.xml [2010.04.08 16:29:00 | 000,000,950 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin-9.xml [2009.09.17 14:30:04 | 000,000,944 | ---- | M] () -- C:\Users\bouni\AppData\Roaming\mozilla\firefox\profiles\wjdi8igd.default\searchplugins\icqplugin.xml [2012.09.10 10:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.10 10:45:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.09.04 20:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.09.10 10:46:33 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.19 18:57:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 00:29:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.19 18:57:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 18:57:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 18:57:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 18:57:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.09.18 16:14:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.) O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\bouni\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [removeBearSharetoolbar] cmd.exe /c RD /S /Q "C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar" File not found O4 - Startup: C:\Users\bouni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bouni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.ethz.ch/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61ABEAFE-2C63-4028-92C1-6054469D099F}: DhcpNameServer = 138.188.101.189 138.188.101.186 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A6DB7DB-9D69-4D6A-A380-042076FFC470}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C17B5496-B4DD-41C3-A52E-F53B3BB08079}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 
000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.19 12:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.09.19 12:26:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\bouni\Desktop\esetsmartinstaller_enu.exe [2012.09.18 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\bouni\Documents\EatNow [2012.09.18 19:07:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe [2012.09.18 16:38:19 | 000,000,000 | ---D | C] -- C:\Windows\TEMP [2012.09.18 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.09.18 16:18:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.09.18 16:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.18 16:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.18 16:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.18 16:00:08 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.09.18 15:59:14 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.09.18 15:56:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.18 15:56:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.18 15:43:51 | 004,753,347 | R--- | C] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe [2012.09.17 16:26:58 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe [2012.09.17 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C5821B4A-8511-43AF-8B5D-D622502EA73D} [2012.09.16 16:22:17 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D4EBCAA6-9A2B-4F22-8A2C-651284825738} 
[2012.09.16 04:22:06 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{982B131E-8B81-4992-80C4-77705240AED3} [2012.09.15 16:06:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{21A47432-A0FA-46DF-96EC-2CDCDAE1DCAF} [2012.09.14 12:34:28 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{7ACA0C7A-A3DA-44B7-A39F-83D1DA402BE5} [2012.09.13 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Roaming\Malwarebytes [2012.09.13 16:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.13 15:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.13 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.13 15:35:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.13 15:20:16 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{B242B18C-13B2-4445-AE10-1685CD71D494} [2012.09.13 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{3C6572FF-8669-4D7C-8878-FA857A234A4D} [2012.09.13 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{34F32623-48EC-4FDE-9673-A5A86DF55E4E} [2012.09.10 10:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.10 09:01:39 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{E333967A-E26F-44A0-B0B8-A84E8F11372F} [2012.09.06 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{447CA8C4-7195-4BE3-8BFB-0A3106B47C84} [2012.09.02 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{9950D904-A89D-423F-9DE3-50A1440FDED9} [2012.08.31 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{C6F2F373-AB5A-42F5-BF33-5F2F682F2F17} [2012.08.31 03:50:59 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{0B8D096C-0518-4611-AF41-2DFDF839DC5C} [2012.08.28 21:26:32 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{63A539B6-E17F-46D6-9F3B-D50591AEAD24} [2012.08.26 11:54:13 | 000,000,000 | ---D | C] -- 
C:\Users\bouni\AppData\Local\{C36316A7-629D-4B67-88B1-F48A1F8A2A80} [2012.08.24 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{57378D17-DAB5-4F69-B2D9-2622717B26B3} [2012.08.20 22:18:41 | 000,000,000 | ---D | C] -- C:\Users\bouni\AppData\Local\{D81A48AD-FF8C-43BF-B4DB-3792419B850B} ========== Files - Modified Within 30 Days ========== [2012.09.19 20:31:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.19 20:31:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.19 19:26:37 | 000,000,441 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.09.19 17:49:04 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job [2012.09.19 12:26:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\bouni\Desktop\esetsmartinstaller_enu.exe [2012.09.19 10:35:01 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.19 10:31:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.19 10:31:43 | 3216,232,448 | -HS- | M] () -- C:\hiberfil.sys [2012.09.19 10:30:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.19 10:27:59 | 000,457,517 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job [2012.09.18 22:06:48 | 335,088,670 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.18 20:04:26 | 000,512,737 | ---- | M] () -- C:\Users\bouni\Desktop\adwcleaner.exe [2012.09.18 20:01:03 | 000,088,396 | ---- | M] () -- C:\Users\bouni\Desktop\Problem2.JPG [2012.09.18 19:07:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\bouni\Desktop\aswMBR.exe [2012.09.18 17:32:31 | 000,149,504 | ---- | M] () -- 
C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.18 16:34:44 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.09.18 16:34:26 | 000,673,660 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2012.09.18 16:34:26 | 000,667,136 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2012.09.18 16:34:26 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.18 16:34:26 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.18 16:34:26 | 000,128,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.18 16:34:26 | 000,127,890 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2012.09.18 16:34:26 | 000,124,732 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2012.09.18 16:34:26 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.18 16:14:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.09.18 15:44:22 | 004,753,347 | R--- | M] (Swearware) -- C:\Users\bouni\Desktop\ComboFix.exe [2012.09.17 17:05:24 | 000,302,592 | ---- | M] () -- C:\Users\bouni\Desktop\eomlqucp.exe [2012.09.17 16:27:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\bouni\Desktop\OTL.exe [2012.09.17 16:00:25 | 000,000,176 | ---- | M] () -- C:\Users\bouni\defogger_reenable [2012.09.15 16:23:05 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job [2012.09.13 15:35:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.03 01:39:35 | 000,007,592 | ---- | M] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat [2012.08.24 09:37:45 | 000,392,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.09.18 21:46:20 | 3216,232,448 | -HS- | C] () -- C:\hiberfil.sys [2012.09.18 20:04:20 | 000,512,737 | ---- | C] () -- C:\Users\bouni\Desktop\adwcleaner.exe [2012.09.18 20:01:01 | 000,088,396 | ---- | C] () -- C:\Users\bouni\Desktop\Problem2.JPG [2012.09.18 16:34:35 | 
000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.09.18 16:00:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.18 16:00:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.18 16:00:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.18 16:00:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.18 16:00:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.17 17:05:23 | 000,302,592 | ---- | C] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.17 15:59:59 | 000,000,176 | ---- | C] () -- C:\Users\bouni\defogger_reenable
[2012.09.15 15:35:35 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForbouni.job
[2012.09.13 15:35:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.05.03 16:28:48 | 000,000,043 | ---- | C] () -- C:\Users\bouni\gsview32.ini
[2010.05.10 14:58:09 | 003,649,774 | ---- | C] () -- C:\Users\bouni\AppData\Local\tmp031.JPG
[2010.03.15 22:28:33 | 000,023,552 | ---- | C] () -- C:\Users\bouni\AppData\Local\WebpageIcons.db
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2010.03.01 20:10:29 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Chorus
[2010.03.01 20:10:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.03.01 20:10:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Cocoa
[2010.03.01 20:10:27 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Classic Thick
[2010.03.01 20:10:27 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
[2010.03.01 20:07:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks
[2010.03.01 19:56:24 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Trance Pad
[2010.03.01 19:56:24 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction
[2010.03.01 19:53:35 | 000,000,268 | RH-- | C] () -- C:\Users\bouni\AppData\Roaming\Themes
[2010.03.01 19:53:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009.10.09 07:13:49 | 000,000,331 | ---- | C] () -- C:\Users\bouni\Zuletzt besuchte Orte - Verknüpfung.lnk
[2009.05.24 23:57:44 | 000,007,592 | ---- | C] () -- C:\Users\bouni\AppData\Local\d3d9caps.dat
[2009.04.19 20:06:29 | 000,149,504 | ---- | C] () -- C:\Users\bouni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.15 17:34:37 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.04.15 17:31:02 | 000,000,020 | ---- | C] () -- C:\Users\bouni\ho.dir
[2009.04.15 17:21:04 | 000,457,517 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== LOP Check ==========

[2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite
[2009.04.15 16:57:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DigitalPersona
[2012.09.19 10:35:28 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Dropbox
[2011.05.11 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\ICAClient
[2012.05.15 23:23:51 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Kalypso Media
[2011.05.01 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\LimeWire
[2009.11.08 22:16:14 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\My Games
[2010.03.01 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Nikon
[2011.07.31 22:15:35 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\Swiss Academic Software
[2012.09.19 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\uTorrent
[2011.07.17 14:40:03 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\xm1
[2012.09.18 23:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000Core.job
[2012.09.19 17:49:04 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1467267554-1309951501-3268280892-1000UA.job
[2012.09.19 10:30:46 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
19.09.2012, 19:48 | #28
/// the machine /// TB-Ausbilder | Bundespolizei Trojan: System Restore performed
Fix with OTL
Code:
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O4 - HKLM..\RunOnce: [removeBearSharetoolbar] cmd.exe /c RD /S /Q "C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar" File not found
[2012.09.17 17:05:24 | 000,302,592 | ---- | M] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.19 20:25:46 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\uTorrent
:Commands
[emptytemp]
Before the following action, again temporarily disable your antivirus program, any script blocking you may have, and your anti-malware programs. Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled. Open OTL and press the Cleanup button. Here are a few tips for securing your system. I cannot stress often enough how important it is for your system to be up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any kind of registry cleaner. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and you have no more questions, so that I can delete this thread from my subscriptions.
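The fix script in the post above removes browser add-on entries whose DLL or CLSID no longer exists ("File not found", "No CLSID value found") and two recently created items picked out of the OTL log. As an added example that is not from the forum post or from OTL itself, this Python parser reads OTL-style lines and pulls out exactly those two kinds of findings; the sample lines are constructed from the line shapes seen in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample (not the thread's full log): the two line shapes OTL emits,
# registry items (O2/O3/O4) and file/folder items with date, size and attributes.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM..\RunOnce: [removeBearSharetoolbar] cmd.exe /c RD /S /Q "C:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar" File not found
[2012.09.17 17:05:23 | 000,302,592 | ---- | C] () -- C:\Users\bouni\Desktop\eomlqucp.exe
[2012.09.18 16:00:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.03.23 15:24:57 | 000,000,000 | ---D | M] -- C:\Users\bouni\AppData\Roaming\DAEMON Tools Lite
""".strip().splitlines()

REG_RE = re.compile(r"^(O\d+) - (.*)$")
FILE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\] "
    r"(?:\([^)]*\) )?-- (.*)$"
)
ORPHAN_RE = re.compile(r"(File not found|No CLSID value found)\.?$")  # OTL's missing-target markers

@dataclass
class FileEntry:
    timestamp: str  # "YYYY.MM.DD HH:MM:SS"
    size: int       # bytes
    attrs: str      # e.g. "----", "---D" (folder), "RH--"
    flag: str       # "C" = created in the scan window, "M" = modified
    path: str

def parse_file_entry(line: str):
    """Parse one OTL file/folder line; return None for any other line."""
    m = FILE_RE.match(line)
    if not m:
        return None
    ts, size, attrs, flag, path = m.groups()
    return FileEntry(ts, int(size.replace(",", "")), attrs, flag, path)

def orphaned_entries(lines):
    """Registry items (O2/O3/O4 ...) whose DLL, CLSID or command target is gone."""
    return [ln for ln in lines if REG_RE.match(ln) and ORPHAN_RE.search(ln)]

def files_created_since(lines, day: str):
    """Files (not folders) flagged C whose date is on or after day ("YYYY.MM.DD")."""
    out = []
    for ln in lines:
        fe = parse_file_entry(ln)
        if fe and fe.flag == "C" and "D" not in fe.attrs and fe.timestamp[:10] >= day:
            out.append(fe)
    return out
```

On the constructed sample, `orphaned_entries` returns the three dangling MediaBar/BearShare items and `files_created_since(SAMPLE_LOG, "2012.09.17")` returns the two executables created in the scan window.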
19.09.2012, 20:18 | #29
Bundespolizei Trojan: System Restore performed
At some point OTL stopped working properly and had to be closed; I then logged the admin user off and back on (via Task Manager). Afterwards the following text file was open:

Files\Folders moved on Reboot...
C:\Users\bouni\AppData\Local\Temp\ehmsas.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Was that just an error before the computer was restarted? In any case I'll do another quick restart now. Should I go straight on to the second item? On restart I now got the error message that the Apple Photostream exe no longer works... I can't find a corresponding file...
19.09.2012, 20:56 | #30
/// the machine /// TB-Ausbilder | Bundespolizei Trojan: System Restore performed
Reinstall that program. Nothing of it was removed. And yes, you can work through the rest.