![]() |
Plagegeister aller Art und deren Bekämpfung: Hilfe bei Trojan.Bnk.win32.keyblogger.genWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() |
![]() | #16 |
/// Selecta Jahrusso ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Hilfe bei Trojan.Bnk.win32.keyblogger.gen Deinstalliere bitte McAfee Security Scan Plus
ATTFilter :otl FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: engine@conduit.com: FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=76f5291f00000000000000f1d000f1d0&tlver=" [2011.04.17 19:34:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nina Saurer\AppData\Roaming\mozilla\Firefox\Profiles\w7lh2ydz.default\extensions\engine@conduit.com [2011.04.30 18:00:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nina Saurer\AppData\Roaming\mozilla\Firefox\Profiles\w7lh2ydz.default\extensions\ffxtlbr@babylon.com [2009.11.10 22:15:41 | 000,002,236 | ---- | M] () -- C:\Users\Nina Saurer\AppData\Roaming\Mozilla\Firefox\Profiles\w7lh2ydz.default\searchplugins\askcom.xml [2010.08.18 23:08:49 | 000,000,881 | ---- | M] () -- C:\Users\Nina Saurer\AppData\Roaming\Mozilla\Firefox\Profiles\w7lh2ydz.default\searchplugins\conduit.xml :commands [reboot]
Besuche bitte die Microsoft-Update-Seite und lade Dir alle Updates unter Benutzerdefiniert herunter Mache das so lange bis du nichts mehr angeboten bekommst Du musst dafür mit den Internet Explorer ins Netz gehen. Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. Bitte poste in deiner nächsten Antwort OTL.txt Extras.txt Berichte wie der Rechner läuft
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
![]() | #17 |
![]() | ![]() Hilfe bei Trojan.Bnk.win32.keyblogger.gen OTL Logfile:
ATTFilter OTL logfile created on: 12.01.2012 17:10:39 - Run 4 OTL by OldTimer - Version Folder = C:\Users\Nina Saurer\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 52,90% Memory free 6,20 Gb Paging File | 4,71 Gb Available in Paging File | 75,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 128,46 Gb Free Space | 55,16% Space Free | Partition Type: NTFS Drive D: | 221,16 Gb Total Space | 207,08 Gb Free Space | 93,63% Space Free | Partition Type: NTFS Computer Name: NINASAURER-PC | User Name: Nina Saurer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.03 14:26:43 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.12.26 11:31:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nina Saurer\Desktop\OTL.exe PRC - [2011.02.01 14:49:28 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2010.09.20 08:48:08 | 000,185,784 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe PRC - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.07.12 21:43:35 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009.07.12 21:04:27 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.30 15:37:55 | 001,392,640 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE PRC - [2009.04.21 12:18:29 | 000,540,576 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2009.04.07 18:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe PRC - [2009.04.07 18:02:10 | 003,405,048 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe PRC - [2009.04.02 18:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009.03.21 04:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.02.07 00:13:16 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008.12.09 23:01:10 | 000,424,504 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\smartlogon.exe PRC - [2008.12.09 23:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe PRC - [2008.11.27 03:54:00 | 000,211,512 | ---- | M] (ATK) -- C:\Program files\P4G\BatteryLife.exe PRC - [2008.11.20 17:38:28 | 001,511,936 | ---- | M] (tele.ring) -- C:\Program Files\telering\tele.ring Mobile Internet\tele.ring Mobile Internet.exe PRC - [2008.10.15 00:58:32 | 000,158,264 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe PRC - [2008.10.01 07:02:48 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008.09.03 01:11:04 | 008,105,984 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2008.08.19 18:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2008.08.18 19:27:32 | 000,117,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2008.08.18 18:56:22 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2008.08.14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008.08.14 04:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2008.08.14 00:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008.07.19 03:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008.06.12 14:14:06 | 000,214,288 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe PRC - [2008.04.01 07:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2008.03.25 14:45:38 | 000,603,408 | ---- | M] (Avid Development GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe PRC - [2008.01.21 03:24:54 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2007.12.18 10:48:40 | 000,196,704 | ---- | M] (OptionNV) -- C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007.11.20 12:44:30 | 001,145,400 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Net4Switch\Net4Switch.exe PRC - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.08.03 11:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2005.07.06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (No Company Name) ========== MOD - [2012.01.03 14:26:44 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.06.19 09:14:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.06.19 09:14:23 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.06.19 09:13:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011.06.19 09:13:53 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll MOD - [2011.06.19 09:12:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.06.19 09:12:08 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.06.19 09:11:57 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.06.19 09:10:40 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.06.19 09:10:10 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2010.09.20 08:48:10 | 000,837,992 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\MngModule.dll MOD - [2010.09.20 08:48:10 | 000,239,016 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll MOD - [2010.08.18 22:17:23 | 000,101,376 | ---- | M] () -- C:\Users\Nina Saurer\AppData\Roaming\Mozilla\Firefox\Profiles\w7lh2ydz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll MOD - [2010.08.18 22:17:23 | 000,052,224 | ---- | M] () -- C:\Users\Nina Saurer\AppData\Roaming\Mozilla\Firefox\Profiles\w7lh2ydz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2009.07.12 21:13:38 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3364.37101__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2009.07.12 21:13:38 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3364.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2009.07.12 21:13:38 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3364.37083__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2009.07.12 21:13:38 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3364.37103__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2009.07.12 21:13:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3364.37160__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2009.07.12 21:13:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3364.37091__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:38 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3364.37141__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2009.07.12 21:13:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3364.37097__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2009.07.12 21:13:38 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3364.37128__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2009.07.12 21:13:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3364.37092__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2009.07.12 21:13:37 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3364.37146__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:37 | 000,172,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3364.37192__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:37 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3364.37179__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:37 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3364.37180__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:37 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3364.37147__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2009.07.12 21:13:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3364.37146__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2009.07.12 21:13:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3364.37178__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2009.07.12 21:13:37 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3364.37192__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll MOD - [2009.07.12 21:13:35 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3364.37130__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:35 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3364.37092__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:35 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3364.37104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:35 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3364.37155__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2009.07.12 21:13:35 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3364.37140__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:35 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3364.37108__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2009.07.12 21:13:35 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3364.37103__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:35 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3364.37139__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:35 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2009.07.12 21:13:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3364.37128__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2009.07.12 21:13:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3364.37107__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2009.07.12 21:13:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3364.37138__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2009.07.12 21:13:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3364.37140__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2009.07.12 21:13:34 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2009.07.12 21:13:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2009.07.12 21:13:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2009.07.12 21:13:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2009.07.12 21:13:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2009.07.12 21:13:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2009.07.12 21:13:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2009.07.12 21:13:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2009.07.12 21:13:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2009.07.12 21:13:34 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\\atixclib.dll MOD - [2009.07.12 21:13:33 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll MOD - [2009.07.12 21:13:33 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2009.07.12 21:13:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2009.07.12 21:13:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2009.07.12 21:13:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2009.07.12 21:13:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll MOD - [2009.07.12 21:13:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2009.07.12 21:13:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2009.07.12 21:13:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2009.07.12 21:13:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3309.28647__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll MOD - [2009.07.12 21:13:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2009.07.12 21:13:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2009.07.12 21:13:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2009.07.12 21:13:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2009.07.12 21:13:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll MOD - [2009.07.12 21:13:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll MOD - [2009.07.12 21:13:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2009.07.12 21:13:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll MOD - [2009.07.12 21:13:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll MOD - [2009.07.12 21:13:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2009.07.12 21:13:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2009.07.12 21:13:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2009.07.12 21:13:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2009.07.12 21:13:32 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2009.07.12 21:13:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2009.07.12 21:13:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll MOD - [2009.07.12 21:13:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009.07.12 21:13:31 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3364.37207__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2009.07.12 21:13:31 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3364.37097__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2009.07.12 21:13:31 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3364.37174__90ba9c70f846762e\MOM.Implementation.dll MOD - [2009.07.12 21:13:31 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3364.37172__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2009.07.12 21:13:31 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3364.37188__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2009.07.12 21:13:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2009.07.12 21:13:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2009.07.12 21:13:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2009.07.12 21:13:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2009.07.12 21:13:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2009.07.12 21:13:31 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\\AxInterop.WBOCXLib.dll MOD - [2009.07.12 21:13:31 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\\Interop.WBOCXLib.dll MOD - [2009.07.12 21:13:31 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3364.37078__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009.07.12 21:13:30 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3364.37087__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2009.07.12 21:13:30 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3364.37168__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2009.07.12 21:13:30 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3364.37080__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2009.07.12 21:13:30 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3364.37081__90ba9c70f846762e\ATIDEMOS.dll MOD - [2009.07.12 21:13:30 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3364.37082__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2009.07.12 21:13:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2009.07.12 21:13:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2009.07.12 21:13:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\\ATICCCom.dll MOD - [2009.07.12 21:13:30 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3364.37173__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009.07.12 21:13:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2009.07.12 21:13:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2009.07.12 21:13:29 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3364.37080__90ba9c70f846762e\APM.Server.dll MOD - [2009.07.12 21:13:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3364.37079__90ba9c70f846762e\AEM.Server.dll MOD - [2009.04.30 08:23:47 | 047,607,808 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll MOD - [2009.04.02 02:26:19 | 000,102,400 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll MOD - [2009.03.19 03:16:09 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.11.20 17:38:28 | 000,221,696 | ---- | M] () -- C:\Program Files\telering\tele.ring Mobile Internet\optimizer.dll MOD - [2008.10.30 23:37:04 | 000,015,360 | ---- | M] () -- C:\Program files\P4G\OvrClk.dll MOD - [2008.10.24 19:29:16 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008.08.20 23:49:56 | 000,016,384 | ---- | M] () -- C:\Program files\P4G\DevMng.dll MOD - [2008.07.27 19:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\\System.Windows.Forms.resources.dll MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2008.07.19 03:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2008.06.09 17:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2008.03.25 14:45:44 | 000,111,888 | ---- | M] () -- C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll MOD - [2008.03.17 10:49:59 | 000,069,632 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll MOD - [2008.02.14 06:56:59 | 000,094,208 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe MOD - [2007.11.19 12:54:20 | 000,188,416 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswsysmon.dll MOD - [2007.11.19 10:11:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswcore.dll MOD - [2007.11.12 23:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll MOD - [2007.09.06 13:05:00 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswobj.dll MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.08.02 08:53:06 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswresmgr.dll MOD - [2007.07.24 13:41:10 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ResItf.dll MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2007.06.19 10:38:08 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswui.dll MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll MOD - [2007.05.14 13:07:14 | 000,009,728 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\LogonStartup.dll MOD - [2007.05.14 10:10:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswgblset.dll MOD - [2007.03.10 00:16:52 | 000,106,496 | ---- | M] () -- C:\Program Files\ATKGFNEX\AGFNEX.dll MOD - [2006.12.09 08:34:36 | 000,139,264 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipsw_cfgmgr.dll MOD - [2006.12.07 08:29:06 | 000,007,168 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\iphelper.dll MOD - [2006.12.06 15:55:32 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswhlp.dll MOD - [2006.12.06 15:55:22 | 000,086,016 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\ipswds.dll MOD - [2006.12.06 15:42:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\Net4Switch\cxcmrt.dll ========== Win32 Services (SafeList) ========== SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.07 18:04:36 | 000,070,880 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service) SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.08.14 04:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.03.31 10:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.12.18 10:48:40 | 000,196,704 | ---- | M] (OptionNV) [Auto | Running] -- C:\Program Files\telering\tele.ring Mobile Internet\GtDetectSc.exe -- (GtDetectSc) SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 11:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) ========== Driver Services (SafeList) ========== DRV - [2009.11.25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.07.12 21:40:27 | 000,030,264 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.28 04:16:09 | 001,019,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009.04.01 22:12:48 | 000,233,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009.03.19 04:06:27 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2009.03.19 02:33:13 | 000,093,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.24 09:39:43 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2008.12.20 08:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.11.27 12:16:47 | 000,135,680 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.11.03 08:03:27 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008.08.11 03:14:11 | 001,752,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.06.13 11:03:12 | 000,444,800 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700) DRV - [2008.05.29 17:21:04 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby) DRV - [2008.05.29 01:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008.05.27 21:55:53 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008.04.28 14:26:41 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008.04.07 07:00:45 | 000,006,656 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CRFILTER.sys -- (CRFILTER) DRV - [2008.02.18 15:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP) DRV - [2008.02.08 11:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.08.06 12:30:18 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2007.08.03 13:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.03.30 11:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER) DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nina Saurer\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nina Saurer\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.03 14:26:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.03 14:26:45 | 000,000,000 | ---D | M] [2009.08.20 20:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina Saurer\AppData\Roaming\mozilla\Extensions [2012.01.12 16:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina Saurer\AppData\Roaming\mozilla\Firefox\Profiles\w7lh2ydz.default\extensions [2009.09.08 20:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nina Saurer\AppData\Roaming\mozilla\Firefox\Profiles\w7lh2ydz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.18 22:17:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Nina Saurer\AppData\Roaming\mozilla\Firefox\Profiles\w7lh2ydz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.18 22:17:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Nina Saurer\AppData\Roaming\mozilla\Firefox\Profiles\w7lh2ydz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.04 12:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.06.23 08:00:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.07.11 18:19:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.01.04 12:41:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.20 21:29:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.20 21:29:46 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.20 21:29:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.20 21:29:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.20 21:29:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nina Saurer\AppData\Local\Google\Chrome\Application\8.0.552.237\pdf.dll CHR - plugin: Google Gears (Enabled) = C:\Users\Nina Saurer\AppData\Local\Google\Chrome\Application\8.0.552.237\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nina Saurer\AppData\Local\Google\Chrome\Application\8.0.552.237\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Nina Saurer\AppData\Local\Google\Update\\npGoogleOneClick8.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2012.01.02 22:28:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe (Pinnacle Systems) O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation) O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Nina Saurer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nina Saurer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation) O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C4AB1CD-2E6D-4B83-9139-953013399F39}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C366D753-EAF5-4B0F-A67F-3EC5529788AB}: DhcpNameServer = O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Nina Saurer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Nina Saurer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.08 13:48:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.01.08 13:46:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.01.08 13:29:22 | 000,000,000 | ---D | C] -- C:\Users\Nina Saurer\AppData\Local\temp [2012.01.08 13:28:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.01.08 13:20:59 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.01.08 13:16:27 | 004,374,678 | R--- | C] (Swearware) -- C:\Users\Nina Saurer\Desktop\ComboFix.exe [2012.01.05 13:27:12 | 000,000,000 | ---D | C] -- C:\Users\Nina Saurer\Desktop\Trojanerboard [2012.01.04 13:29:27 | 000,000,000 | ---D | C] -- C:\Users\Nina Saurer\AppData\Roaming\Malwarebytes [2012.01.04 13:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.04 13:29:18 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.04 13:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.04 12:41:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.01.04 12:41:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.01.04 12:41:07 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.01.02 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\Nina Saurer\AppData\Roaming\Apple Computer [2012.01.02 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\Nina Saurer\AppData\Local\Apple Computer [2012.01.02 23:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.02 22:58:48 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2012.01.02 22:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.02 22:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.01.02 22:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.02 22:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.01.02 22:56:17 | 000,000,000 | ---D | C] -- C:\Users\Nina Saurer\AppData\Local\Apple [2012.01.02 22:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.01.02 22:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.01.02 22:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.01.02 22:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.01.02 22:04:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.01.02 22:04:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.01.02 22:04:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.01.02 22:04:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.01.02 22:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.12.26 19:21:55 | 000,000,000 | ---D | C] -- C:\_OTL [2011.12.26 11:34:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Nina Saurer\Desktop\OTL.exe [2011.12.14 11:43:53 | 000,000,000 | ---D | C] -- C:\Users\Nina Saurer\Desktop\Seminararbeit ELGA [2008.11.03 08:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2012.01.12 16:54:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-887524061-3622075544-3766794456-1000UA.job [2012.01.12 16:54:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-887524061-3622075544-3766794456-1000Core.job [2012.01.12 16:48:06 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012.01.12 16:45:39 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.01.12 16:45:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.12 16:45:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.12 16:45:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.12 16:45:16 | 3220,299,776 | -HS- | M] () -- C:\hiberfil.sys [2012.01.12 16:44:10 | 000,000,280 | ---- | M] () -- C:\Windows\Brownie.ini [2012.01.12 14:04:18 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6F431C63-7431-47CF-AF08-25EDC02D635D}.job [2012.01.10 00:16:07 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.10 00:16:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.10 00:16:07 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.10 00:16:07 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.08 18:39:43 | 000,001,198 | ---- | M] () -- C:\Users\Nina Saurer\Desktop\Free YouTube to MP3 Converter.lnk [2012.01.08 13:16:50 | 004,374,678 | R--- | M] (Swearware) -- C:\Users\Nina Saurer\Desktop\ComboFix.exe [2012.01.06 22:12:47 | 000,380,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.01.04 13:29:21 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.02 23:00:14 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.02 22:28:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.12.26 11:37:53 | 000,000,000 | ---- | M] () -- C:\Users\Nina Saurer\defogger_reenable [2011.12.26 11:31:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nina Saurer\Desktop\OTL.exe ========== Files Created - No Company Name ========== [2012.01.08 18:39:43 | 000,001,198 | ---- | C] () -- C:\Users\Nina Saurer\Desktop\Free YouTube to MP3 Converter.lnk [2012.01.04 13:29:21 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.02 23:00:14 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.02 22:56:12 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.01.02 22:04:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.01.02 22:04:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.01.02 22:04:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.01.02 22:04:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.01.02 22:04:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.12.26 11:37:53 | 000,000,000 | ---- | C] () -- C:\Users\Nina Saurer\defogger_reenable [2011.01.23 14:37:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.02 20:56:17 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.02.02 20:56:16 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.01.11 10:16:17 | 000,201,488 | ---- | C] () -- C:\Windows\System32\MACD32.DLL [2010.01.11 10:16:17 | 000,144,144 | ---- | C] () -- C:\Windows\System32\MASE32.DLL [2010.01.11 10:16:17 | 000,141,584 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL [2010.01.11 10:16:17 | 000,063,248 | ---- | C] () -- C:\Windows\System32\MASD32.DLL [2010.01.11 10:16:17 | 000,033,040 | ---- | C] () -- C:\Windows\System32\MA32.DLL [2009.11.01 16:39:03 | 000,001,356 | ---- | C] () -- C:\Users\Nina Saurer\AppData\Local\d3d9caps.dat [2009.11.01 16:10:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.11.01 16:10:22 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.09.21 19:49:00 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2009.09.21 19:49:00 | 000,000,040 | ---- | C] () -- C:\Windows\BRDIAG.INI [2009.09.21 19:49:00 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2009.09.21 19:48:59 | 000,026,624 | ---- | C] () -- C:\Windows\System32\BRGSRC32.DLL [2009.09.21 19:48:59 | 000,004,608 | ---- | C] () -- C:\Windows\System32\BRGSRC16.DLL [2009.09.21 19:48:58 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2009.09.21 19:48:57 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI [2009.09.21 19:47:48 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.09.21 19:43:24 | 000,000,054 | ---- | C] () -- C:\Windows\System32\bd2030.dat [2009.09.21 19:43:00 | 000,000,280 | ---- | C] () -- C:\Windows\Brownie.ini [2009.08.19 16:33:48 | 000,019,456 | ---- | C] () -- C:\Users\Nina Saurer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.12 21:52:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2009.07.12 21:43:34 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009.07.12 21:40:52 | 000,233,128 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys [2009.07.12 21:36:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.12 20:49:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.12 20:49:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.19 03:16:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.01.08 19:25:27 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.12.06 11:20:10 | 000,013,056 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS [2008.10.29 23:54:39 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2008.10.21 16:39:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2008.10.21 16:39:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2008.10.14 22:57:58 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.08.11 03:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.05.22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008.05.12 04:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008.04.16 12:11:34 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 12:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 12:11:34 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008.04.07 07:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.09.06 01:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2007.08.23 17:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,380,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1999.01.22 19:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.01.2012 17:10:39 - Run 4 OTL by OldTimer - Version Folder = C:\Users\Nina Saurer\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 52,90% Memory free 6,20 Gb Paging File | 4,71 Gb Available in Paging File | 75,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 128,46 Gb Free Space | 55,16% Space Free | Partition Type: NTFS Drive D: | 221,16 Gb Total Space | 207,08 Gb Free Space | 93,63% Space Free | Partition Type: NTFS Computer Name: NINASAURER-PC | User Name: Nina Saurer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DE7C555-83FB-4EC2-91BF-37AC2F75DAF1}" = rport=445 | protocol=6 | dir=out | app=system | "{1D686512-EC2C-4FB5-97EC-34E972CDBC29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{25F1B7F2-D408-4D0C-8913-4629061F5A77}" = lport=139 | protocol=6 | dir=in | app=system | "{2B0C8267-B2C8-4994-BD81-811FB945C1AD}" = lport=138 | protocol=17 | dir=in | app=system | "{33433998-F83B-473E-A0B9-165FA62A7282}" = rport=139 | protocol=6 | dir=out | app=system | "{373D150F-EE8F-4655-8204-CF4DB4B608BF}" = rport=137 | protocol=17 | dir=out | app=system | "{3AD137B4-24B5-45F5-9EBB-2BF9446ED078}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{3B966247-BF2F-4EFB-8916-B9EE214CF15A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{59028434-1D51-438B-BE67-667942B94629}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6BD991B5-96C8-46B5-BCFE-64C6FAD69FE6}" = lport=137 | protocol=17 | dir=in | app=system | "{7B176FDC-EF87-4BF4-893F-8F27A6215168}" = rport=138 | protocol=17 | dir=out | app=system | "{9AE7948C-478F-4EAD-9C47-13449BFBB41C}" = lport=445 | protocol=6 | dir=in | app=system | "{B816F4A6-C527-4ADD-B3E4-46EEE4928318}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D7ED0F35-40C9-49F3-B2E3-8FBF54C4306A}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{015929B0-F295-4E73-987A-FCC1EACE94D6}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | "{015E9869-0B3F-4B0C-A7DE-B7D1A77A0345}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{03D18759-1C0F-418F-870B-29032DE9CF50}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1004C99D-5B99-493B-88FD-B5E4FC66F37A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{138EA518-4CC1-48FA-859C-924B8D41EF2E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{190E8BCF-1B19-4D83-A2B5-EE0E5A6599B7}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | "{227E44D4-EC11-4805-B91B-315E656E1679}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{244C6E36-888E-4B4C-946E-B4116A74C865}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | "{2DC06797-BDDC-4D9F-AB11-3992188C2957}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3ED64E5C-36F4-4A4B-9C70-E30A6B1D6516}" = protocol=6 | dir=in | app=c:\program files\360\360safe\safemon\360tray.exe | "{413BCA4F-26F6-4279-8FDF-B9F2CB43198B}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | "{476F18B3-7C46-47CF-852F-F55A8D910F05}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4E3544AC-E081-4567-B199-F9D13C1374D3}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppliveva_u.exe | "{4E9A3DF3-D14B-4785-B6F5-6C5BA681C3F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{518A0B60-804D-4B4F-A304-A136AF990D5A}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | "{520031A8-11A0-45F3-9FDE-CE1E1EF7081C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{524AC648-DD38-48F6-8775-43091B487E65}" = protocol=17 | dir=in | app=c:\program files\360\360safe\liveupdate360.exe | "{56C70A91-0C7D-4C87-9ED5-164DB75985A2}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | "{585CDFFE-B3C8-4635-9722-4CCF6D238BC0}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{5DA226CA-7AC1-4991-A5C9-B046535995FE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{61468F42-A4BD-4913-8FD8-017C29F6F748}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{7E626C78-956E-416A-B01B-1BD34ECEF864}" = protocol=17 | dir=in | app=c:\program files\360\360safe\safemon\360tray.exe | "{7F3E1219-6377-4447-B888-8AE0EFDADC49}" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | "{81737670-BD4D-4BE4-B599-2649C3B05385}" = protocol=17 | dir=in | app=c:\program files\sogouexplorer\sogouexplorer.exe | "{84CD2E30-7CC7-42E2-8DB6-742FA0EF126D}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | "{8A22C48A-4F81-48F7-8674-792A052A7DBC}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | "{8F77A6B6-DAE4-496C-8EE0-E31E7A6F20B2}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\downloadprogress.exe | "{912C83F5-AAED-4D85-8AA0-ABFEB7756EF0}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\ppliveu.exe | "{984D8246-5253-4DF3-9C02-8348EAD86FFF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{9A94AAEF-1911-4FF9-B2CF-DE3F71B1C497}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\ppliveva.exe | "{9AC414FC-E9BD-4A2D-80E3-76C8C609701A}" = protocol=6 | dir=in | app=c:\program files\360\360safe\liveupdate360.exe | "{9B37C6E7-FB9D-4AD6-AC10-D355A4838DCB}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe | "{A61D033E-FE3F-4955-85B0-D2374606F4E5}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe | "{A76F642F-C8EB-45BE-8278-668AD069617F}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | "{AD4EDDDE-83AF-44B0-BD62-EE24C098E07B}" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe | "{ADFE9B05-8FD9-43EE-901E-598EE74CFC84}" = protocol=6 | dir=in | app=c:\program files\sogouexplorer\sogouexplorer.exe | "{B1E4F646-D45A-418C-804D-35F674D870E4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C426FB8A-429A-4405-9776-ABC460753E29}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{C877B95C-10EA-4754-8A60-1589BFDB51A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DCFF79DA-546E-4C9B-B8FA-BF9D95BB926D}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\flvpick.exe | "{DE3F3130-4AFB-41CB-9AF3-8E37E1CC7C91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E31F5EBA-1F73-4BC1-850F-593979B9594A}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{EF0EB482-FC7F-4A91-A366-2910359F784E}" = protocol=17 | dir=in | app=c:\program files\pplive\ppva\ppvadownload.exe | "{F3FD2338-8D73-4EA0-99B1-D0BD7DC73823}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F7B896BC-49E7-4948-8091-1EE594BDA6C6}" = protocol=6 | dir=in | app=c:\program files\pplive\ppva\crashreporter.exe | "{FA7E99DC-91C8-4B38-AE33-E2BE8E3C48D8}" = dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{1A3A3093-32CD-4BED-A88A-B3406B5F24EF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{3FBF3A21-5E6B-41D3-8B76-A47075402EF9}C:\users\nina saurer\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\nina saurer\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{754932CC-7F7E-4C3B-B5FF-4E81FE7F7785}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{B2ECA0A2-7F15-4CE6-B80F-4B43E6CFDCE0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{E1396AF5-8610-44BF-AD43-8AAE32BA4AB0}C:\users\nina saurer\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\nina saurer\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{E758A4BE-5197-4D01-96B7-1819B16FA7C8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software "{17B3A135-BAA4-1953-AEDF-1496A5159E2A}" = CCC Help French "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{206262A9-1646-7014-22A0-41945D93426C}" = CCC Help Dutch "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2677066A-6ACC-8B1B-82C0-7311ED12D73A}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{29164718-5C73-D67E-8A3F-A00220D98818}" = CCC Help Portuguese "{2DA0C980-2ACE-3F81-0306-131F70BD751B}" = Catalyst Control Center Core Implementation "{2E1AC6B8-F779-F3D3-3683-E0240D576917}" = CCC Help Italian "{30FDAACF-C49B-5AE6-2AA9-2C050F929B37}" = CCC Help Hungarian "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3460BCDC-B45D-84A7-C8ED-C5041B8E2A2B}" = CCC Help English "{3A608351-5980-4A47-AE08-3742C55B4016}" = Windows Live Family Safety "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{44580BA8-245A-814D-BD25-7EA6FACD5DDC}" = CCC Help Russian "{47C7E3C7-1E38-85DB-887D-F9FF84F2086A}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound "{566F3EB2-C09A-F090-F573-169C42E7E381}" = Catalyst Control Center Graphics Full Existing "{567C654B-7FE9-4970-8323-56E8191D1941}" = ASUS FancyStart "{56FB1030-06AD-4158-8EFE-25420987D12A}" = Brother HL-2030 "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = Media Player Utilities 1.58 "{62CA4D04-7DC8-7ED6-7AE4-833A79AE2DF9}" = Catalyst Control Center Graphics Full New "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{655E04FB-E875-4668-D05A-A3CED767DFF8}" = CCC Help Korean "{656C519D-C82C-F7E0-93CE-087D5CA75AEA}" = ccc-core-static "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{7099D2EB-872E-5163-3F00-A893AC905042}" = CCC Help Japanese "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{72E84495-D53C-07FB-76D0-4DD11E710882}" = Catalyst Control Center Localization All "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{806C9880-B087-B336-A86A-5E7E4DB95C39}" = CCC Help Norwegian "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.1 "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8CF3206B-6330-42D6-B35E-CA7098337CB8}_is1" = Helium Audio Converter (build 181) "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch "{A10DA03B-9048-48B4-00A2-A71153C3F886}" = Die Sims™ Tiergeschichten "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter "{A460F932-27CF-76F6-A291-8C4F7337EFE9}" = CCC Help Spanish "{AB429542-1E9D-7479-7ED4-B6D0B5C237E7}" = CCC Help Czech "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch "{B32ECB8E-4532-FD59-02C4-CB0B8F90F68D}" = CCC Help Swedish "{B61F7104-884B-D57D-1626-DE5AD5674B51}" = Skins "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B7606E5A-5D01-789F-F5E1-39D78F04854C}" = Catalyst Control Center Graphics Previews Vista "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module "{BB1E1B48-6136-1887-7307-2D9414009516}" = CCC Help Thai "{BFDAC740-3ACD-50A5-6259-F14FA93C86A5}" = ccc-utility "{C0AE3E60-6003-AF6F-BF8A-B2829480D39D}" = CCC Help Greek "{C1DFFC18-D91D-0481-0003-5B968F09AFDF}" = CCC Help Chinese Traditional "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C92877A9-9294-334C-0AEB-A1CCA8905FC6}" = CCC Help Finnish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D463B523-2F2F-A82D-B980-01C9AD578580}" = CCC Help Danish "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{D7385800-AE69-7527-1615-7DFDC02DF55A}" = Catalyst Control Center Graphics Light "{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader "{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten "{DB7752E0-D5F8-93DA-7C34-3CD8ECB123B5}" = CCC Help Polish "{DBE1E170-3EF6-AAA5-32C4-A78D98DF86A1}" = ATI Catalyst Install Manager "{DC35EF73-C7BD-4452-A793-4269990E1EA3}" = Windows Live Movie Maker-Betaversion "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E59AA04C-67BC-C6F8-E8B9-A9E103E3F49B}" = CCC Help German "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E665E293-442E-4B34-B515-1412F9921B8C}" = tele.ring Mobile Internet "{E665E293-442E-4B34-B515-1412F9921B8C}_x" = tele.ring Mobile Internet "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.29 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FC3D5BBB-CDF6-252C-2212-06D61AD2C628}" = Catalyst Control Center InstallProxy "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Elantech" = ETDWare PS/2-x86 WHQL "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube Download 3_is1" = Free YouTube Download 3 version "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25) "PPLive" = PPTV V2.6.0.0033 "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "Uninstall_is1" = Uninstall "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "USB Mass Storage Filter Driver" = Multimedia Card Reader "Veetle TV" = Veetle TV 0.9.18 "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Bericht Rechner: Hm ich merke nicht wirklich viel Veränderung weder schlechter noch besser bzw. auf was willst du hinaus ? lg |
![]() | #18 | |
/// Selecta Jahrusso ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Hilfe bei Trojan.Bnk.win32.keyblogger.genZitat:
Informationen zum Installieren von Windows Vista Service Pack 2 (SP2) Lesen, ausführen und bitte neue OTL Logs posten.
__________________ |
![]() | #19 |
/// Selecta Jahrusso ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Hilfe bei Trojan.Bnk.win32.keyblogger.gen Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
![]() |
Themen zu Hilfe bei Trojan.Bnk.win32.keyblogger.gen |
64 bit system, antivir, avira, babylon toolbar, babylontoolbar, bho, c:\windows\system32\rundll32.exe, conduit, converter, error, excel, firefox, google, google chrome, home, iexplore.exe, install.exe, installation, microsoft office word, mp3, object, office 2007, plug-in, realtek, registry, required, scan, security, security scan, security update, senden, software, stick, studio, svchost.exe, systemzugriff, trojaner, usb, usb 2.0, version=1.0, vista |