
Pests of All Kinds and How to Combat Them: GUV Trojan


 
30.08.2012, 12:19   #1
christian2

GUV Trojan



Hello,

This is my first time here and I'm still trying to find my way around!

I have the GVU Trojan on my PC.

I have now run the Malwarebytes Anti-Malware program as a quick scan.

4 items were placed in quarantine:
Trojan.Ransom.Gen
Exploit.Drop.GS
Backdoor.Agent
Exploit.Drop.GS

Then I downloaded and ran Defogger, but it did not find anything.

I'll now continue with the further instructions on your site (OTL etc.).

Thanks in advance for the help.

Regards,
Christian

OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 30.08.2012 13:22:06 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Technoplan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,80% Memory free
6,22 Gb Paging File | 4,35 Gb Available in Paging File | 70,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 206,06 Gb Free Space | 70,25% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 292,59 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
 
Computer Name: TECHNOPLAN-PC | User Name: Technoplan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.30 13:20:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe
PRC - [2012.08.29 13:36:10 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012.08.09 08:12:46 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2009.11.17 18:35:06 | 001,404,808 | ---- | M] (PixelPlanet GmbH) -- C:\Programme\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.06 19:17:16 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.02.10 09:29:20 | 000,167,576 | ---- | M] (Autodesk, Inc.) -- C:\Programme\Common Files\Autodesk Shared\WSCommCntr1.exe
PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe
PRC - [2008.01.09 19:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 08:42:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012.06.14 08:42:09 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 08:11:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:11:48 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.14 10:06:45 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.14 09:32:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.14 09:32:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.14 08:09:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.14 08:08:26 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.14 08:08:19 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.03.21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.10.05 18:01:56 | 000,512,000 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepprint.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.09.29 18:49:35 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2971.38833__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.09.29 18:49:35 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2971.38792__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:35 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2971.38846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.09.29 18:49:35 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2971.39030__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2971.38993__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2971.38825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.09.29 18:49:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2971.38812__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:34 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2971.39063__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.09.29 18:49:23 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:23 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2971.39002__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:23 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2971.39069__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:23 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2971.39009__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.09.29 18:49:23 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2971.38806__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2971.39089__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2971.39001__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2971.39061__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:22 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2971.38955__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:22 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2971.38859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:22 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2971.38947__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:22 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2971.38940__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:22 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2971.38813__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:22 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2971.39022__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.09.29 18:49:22 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2971.38852__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:22 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2971.38972__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.09.29 18:49:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2971.38946__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2971.38865__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2971.38954__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:22 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2971.38971__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.09.29 18:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2971.38986__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.09.29 18:49:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.09.29 18:49:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.09.29 18:49:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.09.29 18:49:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.09.29 18:49:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.09.29 18:49:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2939.23744__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.09.29 18:49:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.09.29 18:49:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.09.29 18:49:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.09.29 18:49:18 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2971.39044_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.09.29 18:49:17 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2971.38819__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.09.29 18:49:17 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2971.39044__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.09.29 18:49:17 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2971.39053__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.09.29 18:49:17 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2971.38784__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.09.29 18:49:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2971.39051__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.09.29 18:49:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.09.29 18:49:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.09.29 18:49:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2971.39081__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.09.29 18:49:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.09.29 18:49:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.09.29 18:49:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.09.29 18:49:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.09.29 18:49:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.09.29 18:49:17 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2971.39092__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.09.29 18:49:17 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2971.38783__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.09.29 18:49:16 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2971.38799__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.09.29 18:49:16 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2971.38784__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.09.29 18:49:16 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2971.38782__90ba9c70f846762e\APM.Server.dll
MOD - [2008.09.29 18:49:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2971.38783__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.09.29 18:49:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.09.29 18:49:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2971.39053__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.09.29 18:49:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.09.29 18:49:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.03.05 00:38:16 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.02.20 17:30:04 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008.02.20 00:08:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008.01.09 19:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008.01.09 19:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007.12.19 19:09:40 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2007.12.19 19:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007.12.19 19:08:56 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2007.12.19 19:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007.12.19 19:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007.12.19 19:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007.10.17 11:38:22 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll
MOD - [2007.10.17 11:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
MOD - [2007.10.17 11:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
MOD - [2007.10.17 11:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
MOD - [2007.10.17 11:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
MOD - [2007.10.17 10:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
MOD - [2007.10.17 10:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll
MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.08.28 08:29:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$GW)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2009.10.05 18:04:12 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService)
SRV - [2009.02.17 14:06:23 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.04.18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfusb.sys -- (Tosrfusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfnds.sys -- (tosrfnds)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\tosrfcom.sys -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosrfbd.sys -- (tosrfbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\tosporte.sys -- (tosporte)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.06.07 12:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.06.07 12:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.04.28 11:02:42 | 000,042,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.02.20 02:52:50 | 003,514,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.12.21 17:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{02CF09DD-7444-4794-B10F-4D1FB35C8BC5}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3F02C296-1A8E-47AC-AA5A-D09522C07C9E}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{53D15C7F-1907-4535-90D5-7D127D514EB7}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{63C2F400-10A0-4967-BF70-E4095256B4F7}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_deDE499
IE - HKCU\..\SearchScopes\{883EEDA1-02A9-4FC5-A548-23968B0A46B1}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{9C6D4C2F-6E94-41E6-A857-612C2EB6A070}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{B7FBE32F-9899-4926-821C-32774B4CAA2E}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@eleco.com/o2cplayer: C:\Program Files\Eleco\o2c Player\npO2CPlayer.DLL (ELECO Software GmbH)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PixelPlanet PdfPrinter-Monitor] C:\Program Files\PixelPlanet\PdfPrinter 6\PdfPrinterMonitor.exe (PixelPlanet GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Ibfiere] C:\Users\Technoplan\AppData\Roaming\Cooh\xiil.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC76DB2-719C-4570-9177-8E5A30E0FE49}: NameServer = 192.168.0.254
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell - "" = AutoRun
O33 - MountPoints2\{b9e75f35-4bad-11e0-a8cf-0021853f0e1b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.30 13:20:01 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe
[2012.08.30 11:07:57 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Malwarebytes
[2012.08.30 11:07:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.30 11:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.28 15:19:03 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\UAs
[2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\xmldm
[2012.08.28 12:11:18 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\kock
[2012.08.28 08:31:54 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Google
[2012.08.28 08:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.08.28 08:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Tauku
[2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Idowx
[2012.08.14 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Technoplan\AppData\Roaming\Cooh
[2011.08.29 10:24:01 | 053,710,568 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Technoplan\ElsterFormular-12.3.2.6814p.exe
[1 C:\Users\Technoplan\AppData\Roaming\*.tmp files -> C:\Users\Technoplan\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.30 13:20:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Technoplan\Desktop\OTL.exe
[2012.08.30 13:00:21 | 000,000,000 | ---- | M] () -- C:\Users\Technoplan\defogger_reenable
[2012.08.30 12:59:29 | 000,050,477 | ---- | M] () -- C:\Users\Technoplan\Desktop\Defogger.exe
[2012.08.30 12:55:52 | 009,507,732 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.30 12:55:52 | 003,298,018 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.30 12:55:52 | 002,983,518 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.30 12:55:52 | 002,664,278 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.30 12:50:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.30 12:50:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 12:50:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 12:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 12:50:01 | 3220,316,160 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 12:42:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 12:33:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.30 11:11:35 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.30 11:07:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 09:42:28 | 000,000,016 | ---- | M] () -- C:\Users\Technoplan\AppData\Roaming\blckdom.res
[2012.08.28 08:35:48 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.20 14:09:52 | 000,000,010 | ---- | M] () -- C:\Windows\SHISETUP.SYS
[2012.08.17 08:09:21 | 000,443,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Technoplan\AppData\Roaming\*.tmp files -> C:\Users\Technoplan\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.30 13:00:21 | 000,000,000 | ---- | C] () -- C:\Users\Technoplan\defogger_reenable
[2012.08.30 12:59:29 | 000,050,477 | ---- | C] () -- C:\Users\Technoplan\Desktop\Defogger.exe
[2012.08.30 11:07:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 09:41:41 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.08.28 12:11:30 | 000,000,016 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\blckdom.res
[2012.08.28 08:31:27 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.08.16 08:09:21 | 000,000,680 | ---- | C] () -- C:\Users\Technoplan\AppData\Local\d3d9caps.dat
[2011.04.07 10:16:58 | 000,000,010 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2010.10.26 09:23:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.26 09:23:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.10.20 16:25:20 | 000,101,770 | ---- | C] () -- C:\Users\Technoplan\2009.elfo
[2010.05.07 11:13:48 | 000,004,096 | -H-- | C] () -- C:\Users\Technoplan\AppData\Local\keyfile3.drm
[2009.02.19 17:35:06 | 000,006,355 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2009.02.19 14:24:04 | 000,000,000 | ---- | C] () -- C:\Users\Technoplan\AppData\Roaming\wklnhst.dat
[2009.02.18 17:00:27 | 000,018,944 | ---- | C] () -- C:\Users\Technoplan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.01.16 10:38:12 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\1&1 Mail & Media GmbH
[2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Acer GameZone Console
[2009.02.19 14:14:40 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Autodesk
[2012.08.16 08:07:21 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Cooh
[2012.01.20 09:48:56 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\elsterformular
[2012.08.14 14:18:28 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Idowx
[2011.11.24 09:40:30 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Iqbe
[2011.12.16 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\IrfanView
[2012.08.28 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\kock
[2009.03.09 10:08:33 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Mensch und Maschine
[2012.03.15 14:56:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\OpenOffice.org
[2009.12.11 10:04:09 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\PixelPlanet
[2012.08.15 15:52:21 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Tauku
[2009.02.27 09:35:04 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\TeamViewer
[2012.08.29 10:43:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\UAs
[2011.11.24 09:43:24 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Uhbeum
[2012.08.29 10:43:32 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\xmldm
[2010.11.25 10:00:25 | 000,000,000 | ---D | M] -- C:\Users\Technoplan\AppData\Roaming\Zylom
[2012.08.30 12:49:02 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 714 bytes -> C:\Users\Technoplan\Documents\Dorndorf Gewerbepark.eml:OECustomProperty

< End of report >
         
--- --- ---


Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 30.08.2012 13:22:07 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Technoplan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,80% Memory free
6,22 Gb Paging File | 4,35 Gb Available in Paging File | 70,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 293,33 Gb Total Space | 206,06 Gb Free Space | 70,25% Space Free | Partition Type: NTFS
Drive D: | 293,08 Gb Total Space | 292,59 Gb Free Space | 99,83% Space Free | Partition Type: NTFS
 
Computer Name: TECHNOPLAN-PC | User Name: Technoplan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{52639EEF-7156-40A1-9C5A-D03B2780EE2C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6DA92C3F-2AA1-4278-AF88-48B8E3FE42C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{862FEE24-57C0-42F8-95E9-AA36032603FF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{86F7E69E-2605-42F3-A68E-BE7294216CAF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{99B91ED6-94FD-43C4-A162-3F3D141FF23B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BEC0CCFD-051E-4EDF-B3AF-C1C977FC3A5C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CF946A69-EE1D-4FEA-9465-158EDF1B7DA6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E00B91EE-AFF6-4B26-8BBB-67761FE51B1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EB7B14B6-7B44-4A6C-B944-736CB705ED8F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FA415279-AFE5-470C-AE79-0E852A41A396}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E26353-4C49-4E6F-ADF1-97B82DE56CD8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{077D2931-DB4D-4CCD-99C5-11DB2FC33C10}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{07C103FA-BB9F-4551-909A-C06EF6C389D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{152A6112-283A-4CBF-BF1B-83021F1C7CB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1F737DB0-A5FC-4DAA-B056-E3C3DA941552}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2D937DCC-89DF-408A-B5B0-485337D6B49C}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{35D53898-57BE-4F42-B36A-0743BE2F1468}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{4D56D392-50C7-48E8-8CE2-A2FEC81D8D05}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{62DE9854-BE9C-417A-B948-0118FBE7C55C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{64910388-5F15-420D-B067-E2D771EB7525}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7D143E9B-9C61-482E-9CC1-05C43667B932}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8636209A-1F83-42A5-8EB0-FEBE59ED42FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A3B416BD-6980-4235-BE55-1B9529AE5EBB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{BCCE2808-3651-42B2-B6C0-3FC7A8BC2D36}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{C8366C07-2131-473C-BBED-D27222D02A87}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{DC96B31F-5D1B-4D34-954B-65049D1139C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{0F288857-105E-4B10-B323-C5C7A9B1F58B}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{2A7214A1-5BA9-4526-89D6-497AB1FCA19C}C:\program files\canon\network scangear\sgtool.exe" = protocol=6 | dir=in | app=c:\program files\canon\network scangear\sgtool.exe | 
"TCP Query User{2E0552D3-DB20-404A-BF30-54DBAEA06469}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{527CF421-2D99-4A83-B2DA-7C6C7C65B12F}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"TCP Query User{7763B622-94C0-4612-8140-26D258E7D791}C:\program files\cal3k\bin\calmus.exe" = protocol=6 | dir=in | app=c:\program files\cal3k\bin\calmus.exe | 
"TCP Query User{82F58F45-3D7F-4E97-B6E3-B56B6C724D85}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{9AA4EAF7-6472-497E-BA5F-E4B2BD2FC1D1}C:\users\technoplan\saved games\aoe\empires2.exe" = protocol=6 | dir=in | app=c:\users\technoplan\saved games\aoe\empires2.exe | 
"TCP Query User{A19F342E-7E9C-41FE-B7BD-689492C78F0A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B5E9228F-4161-470E-8136-EAE9DD3EFA4D}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{F8E0566B-D0A9-4F1A-A497-F643FAB22BF0}E:\clicknconnect.exe" = protocol=6 | dir=in | app=e:\clicknconnect.exe | 
"TCP Query User{FC729F76-186E-4DD9-A411-324BF14FF422}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{0B8C7F4D-167F-48CB-90F2-630518F1AC8A}C:\program files\canon\network scangear\sgtool.exe" = protocol=17 | dir=in | app=c:\program files\canon\network scangear\sgtool.exe | 
"UDP Query User{1358F54E-92BD-4DCC-A9B5-3140415C4E20}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{146499E4-8BB1-4854-A709-94E8DDBB1B7E}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"UDP Query User{5CBE11FD-38F9-45CB-87DB-9DA75090C4A2}C:\program files\cal3k\bin\calmus.exe" = protocol=17 | dir=in | app=c:\program files\cal3k\bin\calmus.exe | 
"UDP Query User{6C977F44-8B11-41EC-8B76-7019387A5907}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{6FFA951C-9019-4B30-8D8C-C638F71BD19B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{BCC2CB38-2937-4205-AF9E-60B0348D8AD7}E:\clicknconnect.exe" = protocol=17 | dir=in | app=e:\clicknconnect.exe | 
"UDP Query User{D2D893B9-111E-4A32-BD56-F89E4C358FFF}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{DCBE3D7D-DC1D-48F3-B6F8-4EDD218A2BED}C:\users\technoplan\saved games\aoe\empires2.exe" = protocol=17 | dir=in | app=c:\users\technoplan\saved games\aoe\empires2.exe | 
"UDP Query User{F03F1016-EAB9-4EB5-A975-ABD1262F1DCF}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{F099E5ED-7D0E-433E-A3B3-921ED174D35F}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00E139DD-A721-6CAD-BD4C-6FF597FC52BD}" = Catalyst Control Center Graphics Light
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (GW)
"{02F1F814-3458-9AE2-B360-6BA8C8DF9049}" = Catalyst Control Center Localization Danish
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{062D3AEE-6E5C-BCE9-4BE4-1190D29EE352}" = CCC Help Thai
"{06A4892F-EC84-7384-B401-52F30FC122FE}" = Catalyst Control Center Localization Japanese
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082F3B93-6515-4230-8303-658FCB12CB62}" = Print2CAD 2012 OCR Standard
"{0CC4C654-6439-52F7-FB58-7A6A720166ED}" = CCC Help Turkish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{173823FE-9525-76D1-D97B-0FE91E155252}" = Skins
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A214451-2E9B-D3D3-47C6-A5721559CB4C}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{277D09B9-B42D-2AC2-C924-EDDFCF2107A3}" = Catalyst Control Center Core Implementation
"{286062BC-BDD5-9672-C020-136205720097}" = Catalyst Control Center Localization German
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA19C43-B671-8CEE-9354-4045F2CA7EB4}" = Catalyst Control Center Graphics Full Existing
"{2C1F489E-5720-996D-B4C1-EDC85CE1B65E}" = CCC Help Finnish
"{2CF047B3-E199-A69F-6D92-AADFBA7FF661}" = Catalyst Control Center Localization Chinese Traditional
"{2DFF2037-F943-84F0-BE0C-64D0CDD77E58}" = Catalyst Control Center Localization French
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{36CCF09A-3ABB-C137-4EFD-07E91590D001}" = Catalyst Control Center Localization Swedish
"{39140291-BEC7-7D17-B3AC-BA327051FA0B}" = ccc-core-static
"{3A146779-C87B-332C-EBBC-8579497D68BA}" = Catalyst Control Center Localization Greek
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{423C4F57-FABA-53C2-BD7C-2C5A2EFC50B4}" = Catalyst Control Center Localization Spanish
"{4254E189-9BDD-3319-C681-F60AF423A509}" = CCC Help Polish
"{431643EB-1687-CB60-C9C9-E9E60937E87E}" = Catalyst Control Center Graphics Previews Vista
"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BBCED26-53AA-B0F9-753C-B7D7822F5B54}" = CCC Help Norwegian
"{4F99A59A-FA06-50CE-720F-983F59D14344}" = Catalyst Control Center Localization Thai
"{5533667F-DDBB-4264-A0AA-E546C2DF844C}" = Symbolbibliothek Haustechnik für AutoCAD
"{555A4211-DCF8-2A4B-8521-F077D1C72E52}" = Catalyst Control Center Localization Turkish
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-7009-0407-0002-0060B0CE6BBA}" = AutoCAD LT 2009 - Deutsch
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F68D4DF-0A31-4D57-AABD-0F2E6CF10C12}" = Network ScanGear Ver.2.2
"{61F260E7-05DE-9EBD-C5F0-4D8AF9FC16A3}" = CCC Help Chinese Traditional
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CFAF45A-F44B-4FCC-B7D8-727BF54685D6}" = Print2CAD 2012 OCR Demo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7C03DBF2-0F03-F9E8-3CBE-B07CB7F59318}" = CCC Help Greek
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85C89C8C-4FD7-C7E2-97A7-847D947FFDDB}" = Catalyst Control Center Localization Chinese Standard
"{864A44F1-6AB7-5016-B275-DC2AC43D09E7}" = Catalyst Control Center Localization Portuguese
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8E279E44-FBBF-3C62-899C-E8D021697D52}" = ccc-utility
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93D15991-5890-47CF-85A6-83270CEC24D5}" = CALIFORNIA 3000 Arbeitsplatz Runtime
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96C48A0F-0368-554A-6833-F9B7D264B59F}" = CCC Help Italian
"{96C61636-0F21-403C-5348-AAE3C857BD72}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF5B5DE-6161-F211-2052-54BB67F32008}" = Catalyst Control Center Localization Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B075B92E-C60E-57C2-BDA4-A60E5FF71591}" = CCC Help Dutch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B420E03C-A7A8-7142-8BF1-D6798B98AC8A}" = CCC Help Korean
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BE63EA03-29BF-4E9D-73C9-095850F069C8}" = CCC Help Swedish
"{BFFDAD41-BAAB-5602-CD1A-EE1171D14D40}" = Catalyst Control Center Localization Hungarian
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3452F04-DA8E-2119-1925-D0E050A64186}" = ATI Catalyst Install Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8CF9485-B188-A9B0-FEE3-3F423779F89C}" = Catalyst Control Center Localization Dutch
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CEA453C2-40E0-9B65-A90D-DA8611C29F32}" = CCC Help Hungarian
"{D17E2A02-5D61-C6F9-8D78-90FE1112C19A}" = CCC Help Spanish
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D53BAED6-CF1C-FF87-DE1A-D879D22EF67C}" = Catalyst Control Center Localization Czech
"{D5C388EB-9848-80F6-02F4-DBFED2DF02E8}" = CCC Help French
"{D7E3DAA3-78CB-A30F-FD58-94ED333AE524}" = CCC Help English
"{DE44BDEC-6005-6676-DBA4-FC314F53DD49}" = Catalyst Control Center Localization Norwegian
"{E05830A9-573F-8253-C280-921FF1474DA5}" = Catalyst Control Center Localization Russian
"{E0D6A886-A34F-7303-C485-91FA655E83D5}" = CCC Help Japanese
"{E53B1B0E-C8DA-4105-2C41-210571998AB6}" = Catalyst Control Center Localization Korean
"{E927B65C-A081-8B68-705C-932883697B80}" = Catalyst Control Center Localization Italian
"{EF70BC30-AEE6-5C73-DC7C-3C3B9A73D8FE}" = Catalyst Control Center Localization Polish
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37200BB-2C03-42D9-DBE3-C6240D53DF06}" = CCC Help Portuguese
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F57D72B6-7FBB-3C60-A19D-55C7B8042934}" = CCC Help Russian
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F7FE23D7-980C-6250-6873-4BD1660FE4CB}" = CCC Help Czech
"{F90E2693-78D9-7CCB-4617-2383A0A31CD2}" = CCC Help Danish
"{F917BAC3-BC13-E3A0-EE98-74D9DA33BAE6}" = CCC Help German
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AutoCAD LT 2009 - Deutsch" = AutoCAD LT 2009 - Deutsch
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESP1400_1410 Ben.handbuch" = ESP1400_1410 Ben.handbuch
"Google Chrome" = Google Chrome
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{5F68D4DF-0A31-4D57-AABD-0F2E6CF10C12}" = Network ScanGear Ver.2.2
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NVIDIA Drivers" = NVIDIA Drivers
"o2c Player" = o2c Player
"TeamViewer 4" = TeamViewer 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.08.2012 06:02:55 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 30.08.2012 06:02:55 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 30.08.2012 06:02:55 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 30.08.2012 06:48:59 | Computer Name = Technoplan-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 30.08.2012 06:50:19 | Computer Name = Technoplan-PC | Source = MSSQL$GW | ID = 8313
Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren.
 SQL Server-Leistungsindikatoren sind deaktiviert.
 
Error - 30.08.2012 06:50:19 | Computer Name = Technoplan-PC | Source = MSSQL$GW | ID = 3409
Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für
 Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz
 neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen
 Registrierungsberechtigungen verfügt.
 
Error - 30.08.2012 06:50:19 | Computer Name = Technoplan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.08.2012 06:55:49 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 30.08.2012 06:55:49 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 30.08.2012 06:55:49 | Computer Name = Technoplan-PC | Source = LoadPerf | ID = 3011
Description = 
 
[ System Events ]
Error - 30.08.2012 02:22:13 | Computer Name = Technoplan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 30.08.2012 02:22:13 | Computer Name = Technoplan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 30.08.2012 02:22:13 | Computer Name = Technoplan-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 30.08.2012 03:44:38 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.08.2012 04:10:10 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.08.2012 05:14:39 | Computer Name = Technoplan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.08.2012 um 11:12:50 unerwartet heruntergefahren.
 
Error - 30.08.2012 05:15:01 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.08.2012 05:28:41 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.08.2012 05:57:26 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 30.08.2012 06:50:29 | Computer Name = Technoplan-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Gmer.txt

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-30 14:01:35
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005a WDC_WD64 rev.01.0
Running: ldl2ovql.exe; Driver: C:\Users\TECHNO~1\AppData\Local\Temp\afdiypoc.sys


---- System - GMER 1.0.15 ----

SSDT   8BC18E76                                                                                            ZwCreateSection
SSDT   8BC18E80                                                                                            ZwRequestWaitReplyPort
SSDT   8BC18E7B                                                                                            ZwSetContextThread
SSDT   8BC18E85                                                                                            ZwSetSecurityObject
SSDT   8BC18E8A                                                                                            ZwSystemDebugControl
SSDT   8BC18E17                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!KeSetEvent + 215                                                                       826F88D8 4 Bytes  [76, 8E, C1, 8B]
.text  ntkrnlpa.exe!KeSetEvent + 539                                                                       826F8BFC 4 Bytes  [80, 8E, C1, 8B]
.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                       826F8C30 4 Bytes  [7B, 8E, C1, 8B]
.text  ntkrnlpa.exe!KeSetEvent + 5D1                                                                       826F8C94 4 Bytes  [85, 8E, C1, 8B]
.text  ntkrnlpa.exe!KeSetEvent + 619                                                                       826F8CDC 4 Bytes  [8A, 8E, C1, 8B]
.text  ...                                                                                                 
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                            section is writeable [0x8F008000, 0x1F4234, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] kernel32.dll!CreateThread                     75EBCB2E 5 Bytes  JMP 6A9775E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!SetWindowsHookExW                  763987AD 5 Bytes  JMP 6A9B25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!CallNextHookEx                     76398E3B 5 Bytes  JMP 6A9D7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!UnhookWindowsHookEx                763998DB 5 Bytes  JMP 6A9FECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!EnableWindow                       7639CD8B 5 Bytes  JMP 6A9B9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DefWindowProcA                     7639DB88 7 Bytes  JMP 6A97980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!CreateWindowExA                    7639DC2A 5 Bytes  JMP 6A983643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!CreateWindowExW                    763A1305 5 Bytes  JMP 6A9E03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DefWindowProcW                     763B03B4 7 Bytes  JMP 6A9D8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxParamW                    763C10B0 5 Bytes  JMP 6A911893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxIndirectParamW            763C2EF5 5 Bytes  JMP 6AB08EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxParamA                    763D8152 5 Bytes  JMP 6AB08E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxIndirectParamA            763D847D 5 Bytes  JMP 6AB08F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxIndirectA                763ED4D9 5 Bytes  JMP 6AB08E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxIndirectW                763ED5D3 5 Bytes  JMP 6AB08D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxExA                      763ED639 5 Bytes  JMP 6AB08D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxExW                      763ED65D 5 Bytes  JMP 6AB08CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[1272] ole32.dll!OleLoadFromStream                   75FF1E80 5 Bytes  JMP 6AB096B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!EnableWindow                       7639CD8B 5 Bytes  JMP 6A9B9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!DialogBoxParamW                    763C10B0 5 Bytes  JMP 6A911893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!DialogBoxIndirectParamW            763C2EF5 5 Bytes  JMP 6AB08EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!DialogBoxParamA                    763D8152 5 Bytes  JMP 6AB08E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!DialogBoxIndirectParamA            763D847D 5 Bytes  JMP 6AB08F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!MessageBoxIndirectA                763ED4D9 5 Bytes  JMP 6AB08E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!MessageBoxIndirectW                763ED5D3 5 Bytes  JMP 6AB08D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!MessageBoxExA                      763ED639 5 Bytes  JMP 6AB08D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] USER32.dll!MessageBoxExW                      763ED65D 5 Bytes  JMP 6AB08CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4908] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5  7679B37C 4 Bytes  [50, 26, 7D, 04]
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] kernel32.dll!CreateThread                     75EBCB2E 5 Bytes  JMP 6A9775E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!SetWindowsHookExW                  763987AD 5 Bytes  JMP 6A9B25B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CallNextHookEx                     76398E3B 5 Bytes  JMP 6A9D7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!UnhookWindowsHookEx                763998DB 5 Bytes  JMP 6A9FECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!EnableWindow                       7639CD8B 5 Bytes  JMP 6A9B9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DefWindowProcA                     7639DB88 7 Bytes  JMP 6A97980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CreateWindowExA                    7639DC2A 5 Bytes  JMP 6A983643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CreateWindowExW                    763A1305 5 Bytes  JMP 6A9E03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DefWindowProcW                     763B03B4 7 Bytes  JMP 6A9D8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxParamW                    763C10B0 5 Bytes  JMP 6A911893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxIndirectParamW            763C2EF5 5 Bytes  JMP 6AB08EE6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxParamA                    763D8152 5 Bytes  JMP 6AB08E81 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxIndirectParamA            763D847D 5 Bytes  JMP 6AB08F4B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxIndirectA                763ED4D9 5 Bytes  JMP 6AB08E08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxIndirectW                763ED5D3 5 Bytes  JMP 6AB08D8F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxExA                      763ED639 5 Bytes  JMP 6AB08D2B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxExW                      763ED65D 5 Bytes  JMP 6AB08CC7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5004] ole32.dll!OleLoadFromStream                   75FF1E80 5 Bytes  JMP 6AB096B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Last edited by christian2 (30.08.2012 at 13:10)

 
